| View previous topic :: View next topic |
| Author |
Message |
Rayne
Tux's lil' helper
Joined: 30 May 2005
Posts: 131
|
 Posted: Sun Oct 15, 2006 1:06 pm Post subject: viewing ssh traffic |
 |
|
| How can I view who's doing what on my sshd? |
|
| Back to top |
|
 |
Dammital
Apprentice
Joined: 05 Nov 2004
Posts: 189
|
| Posted: Sun Oct 15, 2006 2:21 pm Post subject: |
|
|
| You can't see into the ssh session of course. Consider enabling "BSD process accounting" in your kernel config, and then emerge acct. This will give you the tools to keep and report on a per-process log file. |
|
| Back to top |
|
|
feld
Guru
Joined: 29 Aug 2004
Posts: 593
Location: USA
|
| Posted: Mon Oct 16, 2006 11:46 pm Post subject: |
|
|
w and who will show you who is in at least.... combine with their info from there and output from ps you can get a good idea of what they're running
_________________
< bmg505> I think the first line in reiserfsck is
if (random(65535)< 65500) { hose(partition); for (i=0;i<100000000;i++) print_crap(); } |
|
| Back to top |
|
|
shanew
n00b
Joined: 16 Sep 2006
Posts: 34
Location: Austin, TX
|
| Posted: Wed Oct 18, 2006 1:40 pm Post subject: |
|
|
I would second the use of process accounting, which is useful for other reasons as well.
There are also programs that will allow you to watch or snoop on terminal sessions, which would allow you to see exactly what users are typing and seeing in real-time, but they may require modification to the sshd code to work properly (and some used to require modifications to kernel code as well). There are, of course, some pretty serious privacy, security and ethical issues involved in this level of surveillance, and if you're looking to do this in any official organization, such a setup should be approved by management, spelled out in policy, and made clear to users. |
|
| Back to top |
|
|
|
Networking & Security
