ssh logging
in [Solaris]
|
From: Habscout on 10 May 2006 12:10 I've set up basic public key sharing, with no passphrases, to test automated ssh logins to remote servers. That works fine. When I login, the commands I use are recorded in my .sh_history file. However, when I perform the ssh login with the commands bound to ssh [eg. ssh host1 ls /dev ] the commands are not being recorded in my .sh_history file. Can anyone recommend a way to force the commands to be recorded to ..sh_history or elsewhere in that type of scenario?
From: Darren Dunham on 10 May 2006 21:57 Habscout <habscout(a)gmail.com> wrote: > I've set up basic public key sharing, with no passphrases, to test > automated ssh logins to remote servers. That works fine. When I login, > the commands I use are recorded in my .sh_history file. However, when I > perform the ssh login with the commands bound to ssh [eg. ssh host1 ls > /dev ] the commands are not being recorded in my .sh_history file. > Can anyone recommend a way to force the commands to be recorded to > .sh_history or elsewhere in that type of scenario? ..sh_history is not a valid place if you're trying to track all user commands. Turn on auditing if that's what you want. -- Darren Dunham ddunham(a)taos.com Senior Technical Consultant TAOS http://www.taos.com/ Got some Dr Pepper? San Francisco, CA bay area < This line left intentionally blank to confuse you. >
From: Sam Nelson on 11 May 2006 03:16 Habscout wrote: > I've set up basic public key sharing, with no passphrases, to test > automated ssh logins to remote servers. That works fine. When I login, > the commands I use are recorded in my .sh_history file. However, when I > perform the ssh login with the commands bound to ssh [eg. ssh host1 ls > /dev ] the commands are not being recorded in my .sh_history file. > > Can anyone recommend a way to force the commands to be recorded to > .sh_history or elsewhere in that type of scenario? > You could have a look at the Solaris auditing module(s) if you really want to start logging all activity, looking at .[shell]_history isn't recommended, not least because users can overwrite it :) A quick hack might be to add a *.debug entry to syslog.conf and point this to /var/adm/spamlog or so. Just remember to touch the file and restart syslogd. But really I'd recommend man auditconfig and take a dig around. Sam
|
Pages: 1 Prev: Help: Cannot boot from CD Next: NIS server sometimes loses connection to itself... |