logging all activity?

Rob Landley rob at landley.net
Tue Aug 8 08:28:02 WST 2006


On Monday 07 August 2006 9:40 am, Matt Johnston wrote:
> On Mon, Aug 07, 2006 at 09:17:15AM -0400, Paul Fox wrote:
> > hi -- is there a relatively painless way to cause the dropbear
> > server to log all remote command executions?  i only need this
> > for debugging -- i want to see all instances where a client has
> > run "ssh myhost some command", or has run scp to copy files to or
> > from myhost.  i don't need interactive session logging.
> > 
> > a quick perusal of the docs didn't turn up anything obvious.
> 
> There's no builtin way, though you could modify a shell
> login file (.zshenv for zsh, not sure about others) to log
> the commands, since all commands are actually run as 
> 'sh -c "some command"'.

Just confirming:

They're run with the shell for the user in the /etc/passwd file, right?  So 
you can stick any kind of gatekeeper program you want in there.  (Did that on 
openssh long ago...)

So an easy way to do this is make a special user whose login shell is a 
logging wrapper thing.

Rob
-- 
Never bet against the cheap plastic solution.
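
The logging wrapper suggested above, sketched as an added example (not code from this thread or from Dropbear). The install name `logshell`, the syslog tag and `REAL_SHELL` are assumptions; the client address is logged only if the server exports `SSH_CLIENT`.

```shell
#!/bin/sh
# Added example: login-shell wrapper that logs remote commands, then runs them.
# Hypothetical install path: /usr/local/bin/logshell, set as the shell field
# in /etc/passwd for a dedicated user.

REAL_SHELL="${REAL_SHELL:-/bin/sh}"   # assumption: shell that really runs the command
LOG_TAG="logshell"                    # hypothetical syslog tag

# Replace control characters with spaces so a remote command containing
# newlines cannot forge extra log lines.
sanitize() {
    printf '%s' "$1" | tr '\001-\037\177' ' '
}

# Build one log line from: user name, SSH_CLIENT value, command string.
# SSH_CLIENT has the form "addr port port"; only the address is kept.
format_entry() {
    printf 'user=%s client=%s cmd="%s"' \
        "$(sanitize "$1")" "$(sanitize "${2%% *}")" "$(sanitize "$3")"
}

# "ssh myhost some command" and scp both arrive as: <shell> -c "<command>".
# Log that form, then hand over to the real shell. Interactive logins
# (no -c) pass straight through unlogged.
run_wrapper() {
    if [ "${1:-}" = "-c" ] && [ "$#" -ge 2 ]; then
        entry=$(format_entry "$(id -un)" "${SSH_CLIENT:-unknown}" "$2")
        # A logging failure must not block the command itself.
        logger -t "$LOG_TAG" -p auth.info "$entry" 2>/dev/null || :
        exec "$REAL_SHELL" -c "$2"
    fi
    exec "$REAL_SHELL" "$@"
}

# Act as a shell only when invoked under the install name, so the helper
# functions can be sourced or checked without exec'ing anything.
case "${0##*/}" in
    logshell) run_wrapper "$@" ;;
esac
```

Some SSH servers reject a login when the user's shell is not listed in `/etc/shells`, so the wrapper's path may need to be added there.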


