Honeypots mailing list archives
snooping ssh sessions
From: pao <pao () linux netline it>
Date: Mon, 14 Apr 2003 11:47:13 +0200
Hi all!

I've got a specific problem: I'd like to log, in a centralized and efficient way, all the activity performed by a set of users on a set of boxes. The basic idea was to set up a bridge box and to limit access to the other hosts to that specific "bridge" host. Access to the box is via ssh only.

I was considering using FreeBSD and "watch" or "termlog" to log all sessions. That has the great advantage of logging what happens even if the user does an ssh or telnet out of the "bridge" box. But it has a major drawback: it doesn't log input, only the input echo. Try this to understand what I mean:

    #! /bin/sh
    stty -echo
    read test
    eval $test

The question is: is there any clever way to set up a snooping "bridge" host? Is there a way to log both raw input and output data streams? Is there any tool to "replay" the logs?

Thanks

Pao

P.S. Please cc the answer to me as well, since I've not joined the list.
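Added example, not part of the original message and not the code of any tool named in it: a minimal pty-based recorder that logs the input and output streams separately, run against the script from the post. The names `record`, `stream` and `POST_SCRIPT`, the `cmd> ` prompt and the typed command are constructed for illustration.

```python
import os, pty, select, time

# The script from the post, plus a prompt so the recorder knows echo is already off.
POST_SCRIPT = 'stty -echo; printf "cmd> "; read test; eval $test'

def record(argv, keys, wait_for):
    """Run argv on a new pty and send `keys` once `wait_for` has been printed.
    Returns a list of (seconds, direction, bytes): 'i' = input, 'o' = output."""
    records, seen, sent, start = [], b"", False, time.time()
    pid, master = pty.fork()
    if pid == 0:                       # child: stdin/stdout/stderr are the pty slave
        try:
            os.execvp(argv[0], argv)
        finally:
            os._exit(127)              # only reached if exec failed
    while True:
        ready, _, _ = select.select([master], [], [], 5.0)
        if not ready:
            break                      # child went quiet: stop recording
        try:
            data = os.read(master, 4096)
        except OSError:                # Linux reports EIO once the slave side closes
            break
        if not data:
            break
        records.append((time.time() - start, "o", data))
        seen += data
        if not sent and wait_for in seen:
            os.write(master, keys)     # the raw keystrokes, logged before any echo
            records.append((time.time() - start, "i", keys))
            sent = True
    os.close(master)
    os.waitpid(pid, 0)
    return records

def stream(records, direction):
    """Concatenate one direction of a recording (a replay without timing)."""
    return b"".join(data for _, kind, data in records if kind == direction)

if __name__ == "__main__":
    recs = record(["/bin/sh", "-c", POST_SCRIPT], b"echo hidden-cmd-ran\n", b"cmd> ")
    print("input :", stream(recs, "i"))
    print("output:", stream(recs, "o"))
```

The output stream shows only the prompt and the command's result, while the input stream holds the command that was typed with echo disabled; the per-record timestamps are what a timed replay would use.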