How to monitor SSH sessions


 
# 1  
Old 11-06-2007
How to monitor SSH sessions

Hi All

Is it possible to log and monitor user activities in an SSH session? Is there any configuration or a patch to apply? I'm currently using OpenSSH with AIX 5.3L

and my syslog.conf includes

auth.* /var/log/sshd/auth.log

and

in sshd_config it shows

SysLogFacility AUTH
LogLevel VERBOS


but no log file can be found under /var/log/sshd.

Can anyone help me regarding this?

Thank You
-Anuradha
# 2  
Old 11-06-2007
This is how you can do it

1) Change the user's shell to something else, like
/bin/myscript (a script that you will write)

2) That script will actually log everything in a text file (in a weird place that he won't be able to guess) and process all the commands from the shell he/she was using earlier.
So basically it's a wrapper around the shell.

3) Stop the user from changing shells using sudo or other means


Basically this is not a foolproof plan, as the user will be able to change the file since he will have the same access rights as the logshell.

Let me think if there is another way of doing it


~Sage

Last edited by s4g3; 11-06-2007 at 09:27 AM..
# 3  
Old 11-06-2007
Here is the solution

Run your script as root and run the user's command with the user's privileges.

Log the commands as root and give a permission of 700 to the logfile, with owner as root and group as sys (?)

Thanks
~Sage
# 4  
Old 11-08-2007
Thank you very much for your replies, Sage...

I created a script and pointed to it as my default shell. Also, I added the script location to /etc/shells.


But chsh <user> /usr/bin/myscript failed with

3004-635 Error setting shell for "anu" to "/usr/bin/wrap" : Value is invalid.

The script works fine. Can my script work as a shell?
here is the script

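#!/bin/ksh
# Wrapper: log who ran it and with which arguments, then hand off to the wrapped command.
OPERATION=              # wrapped command (left empty in the post)
LOGFILE="./log"         # relative path: the log lands in the current directory

OPTIONS="$*"            # all arguments joined into one string for the log line

# One record per invocation: timestamp + user + arguments
echo "$(date) + $(whoami) + $OPTIONS" >> "$LOGFILE"

# Replace this process with the wrapped command, passing the arguments through
exec $OPERATION "$@"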

Thank You
-Anuradha
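
Added example, not part of the thread: a login-shell wrapper along the lines discussed above that sends its record to syslog's auth facility (the one the syslog.conf line in the first post routes), so the log file is written by syslogd rather than by the user. It records session starts and `ssh host command` invocations only, not commands typed interactively; the install name `sshwrap`, the tag and `REAL_SHELL=/bin/ksh` are assumptions.

```shell
#!/bin/sh
# Assumed to be installed as /usr/bin/sshwrap and set as the user's login shell.
REAL_SHELL="${REAL_SHELL:-/bin/ksh}"   # assumption: the shell being wrapped
LOG_TAG="sshwrap"                      # hypothetical syslog tag

# Build one audit record. sshd starts the login shell with no arguments for an
# interactive session and as "<shell> -c <command>" for "ssh host command".
audit_record() {
    user=$(id -un 2>/dev/null || id -u)
    # SSH_CLIENT is "addr port localport"; keep the address, "-" when unset
    src=${SSH_CLIENT%% *}
    if [ "$1" = "-c" ] && [ $# -ge 2 ]; then
        # Replace newlines and control characters so a command string
        # cannot forge additional log records
        cmd=$(printf '%s' "$2" | tr -c '[:print:]' '?')
        printf 'user=%s src=%s type=command cmd=%s' "$user" "${src:--}" "$cmd"
    else
        printf 'user=%s src=%s type=interactive' "$user" "${src:--}"
    fi
}

run_wrapped() {
    # syslogd writes the record, so it does not depend on file permissions
    # the logged user controls
    logger -p auth.info -t "$LOG_TAG" "$(audit_record "$@")"
    exec "$REAL_SHELL" "$@"
}

# Hand off only when invoked under the assumed install name
case "${0##*/}" in
    sshwrap) run_wrapped "$@" ;;
esac
```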
# 5  
Old 10-02-2008
Allowing a custom script as a shell in AIX

A little untimely given how long ago you posted this but for those who follow:

You have to edit the allowable shells in your /etc/security/login.cfg

usw:
	shells = /bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh,/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/rksh93,/usr/sbin/uucp/uucico,/usr/sbin/sliplogin,/usr/sbin/snappd


Add yours to the list.

Edit: I noticed that if I made the change directly to the /etc/passwd line then tried the chsh it always gave me the "Value is invalid" error even if I put in a normal shell like /bin/ksh, so if you made the change manually prior you have to correct it first before using the kosher method...

Last edited by low351; 10-02-2008 at 01:44 PM..
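
Added example, not part of the thread: a pre-flight check to run before `chsh`, which reads the `shells` attribute of the `usw:` stanza described above and reports whether a candidate shell is listed and executable. The function names and the sample stanza file are constructed for illustration.

```shell
#!/bin/sh
LOGIN_CFG="${LOGIN_CFG:-/etc/security/login.cfg}"

# Constructed sample in login.cfg stanza format, for trying the functions offline
sample_login_cfg() {
cat <<'EOF'
* constructed sample, not a real system file
default:
        sak_enabled = false
usw:
        shells = /bin/sh,/bin/ksh, /usr/bin/ksh,/usr/bin/rksh
        maxlogins = 32767
EOF
}

# Print the comma-separated shells list from the usw: stanza of file $1
usw_shells() {
    awk '
        /^[^ \t*].*:[ \t]*$/ { in_usw = ($1 == "usw:"); next }  # stanza header
        in_usw && /^[ \t]*shells[ \t]*=/ {
            sub(/^[ \t]*shells[ \t]*=[ \t]*/, "")
            gsub(/[ \t]/, "")                                   # drop stray blanks
            print; exit
        }
    ' "$1"
}

# Return 0 when path $1 is an exact entry in the usw shells list of file $2
shell_allowed() {
    list=$(usw_shells "$2")
    case ",$list," in
        *",$1,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Report every reason the shell $1 would be rejected; return 0 when none
check_shell() {
    rc=0
    [ -x "$1" ] || { echo "$1: not an executable file"; rc=1; }
    shell_allowed "$1" "$2" || { echo "$1: not in the usw shells list of $2"; rc=1; }
    return $rc
}

if [ $# -ge 1 ]; then check_shell "$1" "$LOGIN_CFG"; fi
```

Run it as `sh check.sh /usr/bin/myscript` on the AIX host; an exact-match comparison is used so that `/bin/k` does not pass because `/bin/ksh` is listed.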