SSH session audit
Hi,
I'm co-managing a server with a friend of mine offering ourself some
basic service (like emails, file sharing, etc). At this time each of us
can freely login on the server via ssh (we trust each others) for the
daily administrative tasks.
I would like to improve the current set up by adding a layer of
certification and proofing of the ssh session, because if you know that
you are recorded you'll be enforce to behave better. For this scope I've
found many different possible solution, but quite complex to be
implemented (like ssh proxy that records the session [1]), or too basic
(like using /usr/bin/script). So far none of those that I've found
satisfy me.
About that I remember that some time ago (maybe one or two years ago) I
read a post on planet debian about such a method for session audit. It
was suggesting as an easy to run solution for external consultant: the
recording and encrypting of the remote session was performed without
requiring any proxy, letting to store the session data on a dumb
external host. From what I could remember I think that the idea was
something like recording the session with script like utilities
(launched at session login), then periodically encrypting it with gpg
and publishing on a local folder or on a remote resource. This way the
owner of the system could reliably access the session log, and the
remote person could always prove what he did at during the ssh session.
Do you know about that solution? Or could you suggest something similar?
Thank you,
risca.
[1] ssh proxy solutions: ssh-bastion, KeyBox
Reply to: