HPE Community
Operating System - HP-UX
1753505 Members
5681 Online
108794 Solutions
New Discussion

Re: SSH: Capturing the Remote Server

 
dewa
Occasional Contributor

‎11-17-2011 10:52 PM

‎11-17-2011 10:52 PM

SSH: Capturing the Remote Server

Hi All,

 

Our environment is implementing SSH.  After we launch ssh (e.g. ssh user@host1), we login to the remote server.

 

Is there a way to capture the remote server which the user login to?  is that available in log file(s). Thinking if we can enable one of sshd_config or ssh_config options to capture the remote server in log file.

 

Can anyone help me please?

 

 

Thanks and Regards,

Dewa

0 Kudos
Reply
4 REPLIES 4
Jeff_Traigle
Honored Contributor

‎11-18-2011 07:54 AM

‎11-18-2011 07:54 AM

Re: SSH: Capturing the Remote Server

Not sure what you mean exactly. If you're wanting a message on the remote server saying user logged in via ssh, that's logged in /var/adm/syslog/syslog.log. It should also be logged in /var/adm/wtmp so you can see the login via the last(1) command although that will only show the pty used, not the protocol used to login.

--
Jeff Traigle
0 Kudos
Reply
dewa
Occasional Contributor

‎11-18-2011 09:10 AM

‎11-18-2011 09:10 AM

Re: SSH: Capturing the Remote Server

Hi Jeff,

 

Thanks. What I mean that I need to record the remote server. Let say I run command "ssh dewa@hostA", Is there any way to capture the information abt remote server (which is hostA) after calling ssh?  For instance, the log file may contain "18 Nov 2011 10:05   ssh    dewa    hostA". So from that information I will get to know that ssh run by user dewa to remote server hostA.

 

Regards,

Dewa

0 Kudos
Reply
Jeff_Traigle
Honored Contributor

‎11-18-2011 09:18 AM

‎11-18-2011 09:18 AM

Re: SSH: Capturing the Remote Server

I see. So you want the logging on the client side. The only logging I can think of that could occur on the client side is:

 

  1. the interactive shell history, which isn't centralized and can be wiped by the user
  2. via the auditing facility available in HP-UX, which eats up a lot of disk space from what I understand seeing other's posts over the years
  3. creating a wrapper script to log it somewhere that the user can write to, which necessarily means that the user can either wipe that log or find the actual binary to run directly

Option 2 is the surest bet.

--
Jeff Traigle
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎11-18-2011 04:20 PM

‎11-18-2011 04:20 PM

Re: SSH: Capturing the Remote Server

>So from that information I will get to know that ssh run by user dewa to remote server hostA.

 

The logon info is available on hostA with last(1), is that good enough?  It includes the client servers name.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.