View previous topic :: View next topic |
Author |
Message |
NuclearFusi0n Apprentice
Joined: 20 Jun 2003 Posts: 297
|
Posted: Tue Aug 12, 2003 10:03 am Post subject: How can I monitor ssh sessions on my box? |
|
|
I'm running sshd and I want to watch a user or two in their sessions - how is this possible?
and do you recommend any configuration of sshd beyond the defaults? _________________ I will keel yoo grub |
|
Back to top |
|
|
carbon Guru
Joined: 27 Jun 2003 Posts: 455 Location: New York
|
Posted: Tue Aug 12, 2003 1:16 pm Post subject: |
|
|
you mean watching them in real time and see what they are doing?
that is over my head, but one thing you can tell who is logged on, just type ps aux. _________________ I do what I want, and that's what I do.
GNU World Domination
Carbon |
|
Back to top |
|
|
sKewlBoy Guru
Joined: 03 Nov 2002 Posts: 406 Location: Portugal
|
Posted: Tue Aug 12, 2003 1:32 pm Post subject: |
|
|
To see who's logged on you use "who" or "w" or "finger" (if you have it running).
"ps aux" won't give you who's logged on, will show you who as processes running... if it's a bash, then it's logged on. So then you could use "ps aux | grep bash | cut -d " " -f 1 | sort | uniq" to get it in a complicated way (replacing bash for any shell you might use).
I think monitoring ssh session is possible with tty sniffers, but I wouldnt go there.... besides, why would you monitor someone's session ? It should be private... And you can always cat their $HISTFILE, if they didnt unset it before logging out, but that wouldnt be realtime, nor very complete... |
|
Back to top |
|
|
GentooBox Veteran
Joined: 22 Jun 2003 Posts: 1168 Location: Denmark
|
Posted: Tue Aug 12, 2003 3:55 pm Post subject: |
|
|
if you are root on the box.
then you could use ~/.bash_history to see what they type.
i think there is a script somewhere to monitor the bash_history live.
but i havent found it yet. _________________ Encrypt, lock up everything and duct tape the rest |
|
Back to top |
|
|
Safrax Guru
Joined: 23 Apr 2002 Posts: 422
|
Posted: Tue Aug 12, 2003 4:33 pm Post subject: |
|
|
GentooBox wrote: | if you are root on the box.
then you could use ~/.bash_history to see what they type.
i think there is a script somewhere to monitor the bash_history live.
but i havent found it yet. |
tail -f ~/.bash_history? |
|
Back to top |
|
|
GentooBox Veteran
Joined: 22 Jun 2003 Posts: 1168 Location: Denmark
|
Posted: Tue Aug 12, 2003 4:40 pm Post subject: |
|
|
Code: |
cat /root/.bash_history
|
if you are logged in as root and want to se your own bash history.
Code: |
cat /theusername/.bash_history
|
if you want to see theusername´s bash history.
you may also have a look at /var/log/sshd/current _________________ Encrypt, lock up everything and duct tape the rest |
|
Back to top |
|
|
sKewlBoy Guru
Joined: 03 Nov 2002 Posts: 406 Location: Portugal
|
Posted: Tue Aug 12, 2003 4:57 pm Post subject: |
|
|
.bash_history is only available if the users don't unset its env ($HISTFILE as I mentioned...).
I dont know why you want to spy on that user, but if you think he's doing something he should not, he probably won't do something stupid as leaving .bash_history ... I wouldn't |
|
Back to top |
|
|
NuclearFusi0n Apprentice
Joined: 20 Jun 2003 Posts: 297
|
Posted: Thu Oct 23, 2003 4:36 am Post subject: |
|
|
boomp. _________________ I will keel yoo grub |
|
Back to top |
|
|
dma Guru
Joined: 31 Jan 2003 Posts: 437 Location: Charlotte, NC, USA
|
|
Back to top |
|
|
ed0n l33t
Joined: 23 Apr 2003 Posts: 638 Location: Prishtine/Kosove
|
Posted: Tue Oct 28, 2003 9:09 am Post subject: Re: How can I monitor ssh sessions on my box? |
|
|
NuclearFusi0n wrote: | I'm running sshd and I want to watch a user or two in their sessions - how is this possible?
and do you recommend any configuration of sshd beyond the defaults? |
who , if you want to kill a connection ps aux (man ps) |
|
Back to top |
|
|
amne Bodhisattva
Joined: 17 Nov 2002 Posts: 6378 Location: Graz / EU
|
Posted: Tue Oct 28, 2003 9:14 am Post subject: |
|
|
man sshd_config
Quote: | LogLevel
Gives the verbosity level that is used when logging messages from
sshd. The possible values are: QUIET, FATAL, ERROR, INFO, VER-
BOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO.
DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
higher levels of debugging output. Logging with a DEBUG level
violates the privacy of users and is not recommended.
|
note: this isn't specific for one user but all.
if i remember correctly, one of the debug levels was called "fascist logging" in on of the earlier versions of sshd
respect the privacy of your users, if you don't trust them, don't give them an account (assuming you are in the position to decide this). |
|
Back to top |
|
|
viperlin Veteran
Joined: 15 Apr 2003 Posts: 1319 Location: UK
|
Posted: Sat Apr 10, 2004 11:52 pm Post subject: |
|
|
In Mandrake .bash_history is live (well to my memory it was) |
|
Back to top |
|
|
Acidic n00b
Joined: 07 Apr 2004 Posts: 12 Location: Ontario, Canada
|
Posted: Thu Apr 15, 2004 10:38 am Post subject: |
|
|
Quote: |
an sshd_config
Quote:
LogLevel
Gives the verbosity level that is used when logging messages from
sshd. The possible values are: QUIET, FATAL, ERROR, INFO, VER-
BOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO.
DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
higher levels of debugging output. Logging with a DEBUG level
violates the privacy of users and is not recommended.
note: this isn't specific for one user but all.
if i remember correctly, one of the debug levels was called "fascist logging" in on of the earlier versions of sshd
respect the privacy of your users, if you don't trust them, don't give them an account (assuming you are in the position to decide this).
|
Um just wondering... Where is this logging stored?
I tried .bash_history and that gave me an new empty file.
Do i need to specify where the loglevel output goes? _________________ I can take your thoughts away
And ill ignite your fear today
I can take you far away...
With my mind |
|
Back to top |
|
|
viperlin Veteran
Joined: 15 Apr 2003 Posts: 1319 Location: UK
|
Posted: Thu Apr 15, 2004 4:48 pm Post subject: |
|
|
goes to /var/log/messages here, syslog-ng |
|
Back to top |
|
|
|