Hi all...
I've completed the task of deploying SSH over my 400 servers.
I don't know if i'm right or wrong, but ssh doesn't do any command-logging, does it?
Is there a app i can use to log all commands passed ( besides the usual .sh_history), whith no modification possible by the user, and how can i couple this to ssh?
Thanx...
You did not mention which ssh you are using ? your OS ? please always provide as many details as possible without sharing any personal info. Here is something I got from usenet (you possibly could log every command by changing values of SyslogFacility and LogLevel). Remember, since we dont know what packages you are using your files may be in different directories :
I log sshd session in a file called /var/log/sshd.log and here's how I do
it:
touch /var/log/sshd.log
edit your /etc/syslog.conf and add the lines
!sshd
*.* /var/log/sshd.log
killall -HUP syslogd
The sshd will now log stuff into /var/log/sshd.log. Edit your
/etc/ssh/sshd_config file to determine what gets logged. By default, the following lines are in sshd_config for sylog logging:
SyslogFacility AUTH
LogLevel INFO
Change as necessary, more details are in the sshd manpage.
In fact, i'm using SSH on HP and Sun boxes.
I know i didn't supply any info on my os or ssh, because it was more a general question then a particular one!
Thanx anyways!