Log ssh communications

Question

I have a closed source program which calls server over SSH and executes a set of commands.

Could you tell me how can I log all commands?

My server is under Ubuntu.

Answer 1

Snoopy can be used to log all commands ran on a system. Logs will be sent to syslog.

Answer 2

Without knowing exactly how it's doing it's thing, there's no one answer that I can give. However, a few possibilities:

• It uses keys for authentication, and runs a command it passes at login: This is easy. Add a command= to the entry in ~/.ssh/authorized_keys that calls a script that logs the command it runs, and then just execs the command. Transparent, simple.
• It uses keys for authentication, runs a shell, and stuffs commands down the shell: Harder, but still straightforward. Again, command= in ~/.ssh/authorized_keys to run a shell of your choosing, which could be something like sudoshell or something else that logs all commands (for super bonus trickery, you could even use script for full replayability).
• It uses passwords: No command= trickery allowed here, you're going to have to go the whole hog and use something like snoopy to log everything that happens -- but unless this program is the only thing using SSH, you'll likely end up with a lot of logs.

Answer 3

If the close source program allows you to edit remote SSH parameters or you can put the commands into a shell script, you can wrap your execution around the "script" command on the remote server like this:

ssh 192.168.15.200 'script ps.log -c "ps -ef"'

In this case, the output of ps -ef is saved into the file ps.log