HPE Community
Operating System - Linux
1830354 Members
2254 Online
110001 Solutions
New Discussion

track commands using ssh (with passphrase)

 
SOLVED
Go to solution
leonardo bianchi quota
Advisor

‎07-25-2005 09:02 PM

‎07-25-2005 09:02 PM

track commands using ssh (with passphrase)

Hi, I would like to have a command history for ssh connections for authenticated hosts.
I noticed that by default, without passphrase, commands are logged in .bash_history file. Otherwise using passprhase, commands are not saved anywhere.
How could I manage?

Thank You.

Leonardo.
0 Kudos
Reply
5 REPLIES 5
Muthukumar_5
Honored Contributor

‎07-25-2005 09:04 PM

‎07-25-2005 09:04 PM

Re: track commands using ssh (with passphrase)

It will be located in /var/log/messages file. You can also get history login informations with last command.

hth.
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Stuart Browne
Honored Contributor

‎07-25-2005 09:11 PM

‎07-25-2005 09:11 PM

Solution

Re: track commands using ssh (with passphrase)

That's odd.. '.bash_history' is for all login sessions, regardless of how they came in.

Something to verify on one of your passphrase sessions is to the content of the 'HISTFILE' environment variable:

echo $HISTFILE

It should point to '.bash_history' in the user's home directory.
One long-haired git at your service...
Reply
Ivan Ferreira
Honored Contributor

‎07-26-2005 01:39 AM

‎07-26-2005 01:39 AM

Re: track commands using ssh (with passphrase)

If you will use the solution described above, you must ensure that the HISTFILE, HISTSIZE environment variable is read only, if this variable is unset or changed to nothing, then the commands will not be logged, and you wont accomplish your objetives.

readonly HISTFILE=path_to_file
readonly HISTSIZE=10000

Also, is better if set the HISTFILE on a directory that cannot be accesed to any other except root, so it wont be deleted.

There is a command called script, that can help you too. Also, you can enable auditing.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎07-26-2005 08:10 PM

‎07-26-2005 08:10 PM

Re: track commands using ssh (with passphrase)

You can make it with /etc/profile easily. Previously, I was suggesting solution for keep tracking ssh connection information. To me command history you have to set HISTFILE as,

--/etc/profile
set -o vi
export HISTFILE=$HOME/.ssh_history
export HISTSIZE=1000

It will setting history file. Anyway, If you want to set it only for SSH login then,

-- /etc/profile --
ps | grep -q 'ssh'
if [[ $? -eq 0 ]]
then
set -o vi
export HISTFILE=$HOME/.ssh_history
export HISTSIZE=1000
fi

It will be logging ssh related history into $HOME/.ssh_history.

Any terminal login (non cde) will use /etc/profile always.

hth.
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎07-28-2005 01:56 AM

‎07-28-2005 01:56 AM

Re: track commands using ssh (with passphrase)

If HISTFILE and HISTSIZE are both set, HISTSIZE to a reasonable size, the commands should be tracked on the server you are connecting to.

I think you should check ownership/permissions on the server. That might explain the mystery here.

SEP
Israel
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.