Find the answer to your Linux question:
Results 1 to 3 of 3
Hi everyone, I'm looking for the best way to write into a file when a user open a ssh session and when he ends it. I found the way to ...
  1. 03-11-2010 #1
    ppied
    ppied is offline
    Just Joined!
    Join Date
    Mar 2010
    Posts
    3

    Log when ssh user login/logout

    Hi everyone,

    I'm looking for the best way to write into a file when a user open a ssh session and when he ends it.

    I found the way to get the time when the user login with
    - /etc/ssh/sshrc
    - command who

    But for the logout, nothing. I though about checking with a bash script and the who command in a crontable but it sounds too complicated ...

    I want to add something, the users log in with key authentification.

    Thank you for your ideas

    Romain
    Reply With Quote Reply With Quote
  2. 03-11-2010 #2
    ppied
    ppied is offline
    Just Joined!
    Join Date
    Mar 2010
    Posts
    3

    Post

    Hi Lex,

    I check into /var/log/secure and I get these lines when I login:

    Mar 11 22:05:50 localhost sshd[9711]: Postponed publickey for testuser from 187.31.131.142 port 4612 ssh2
    Mar 11 22:06:00 localhost sshd[9710]: Accepted publickey for testuser from 187.31.131.142 port 4612 ssh2

    But nothing when I logout ...

    I want to specify users login on the server with key authentification (with a passphrase) but users do not have access to any shell.

    The /bin/cat command is launch when user login. The aim is to use this server only as a gateway to jump to other equipments.

    Here are my LOG SSH config :
    SyslogFacility AUTHPRIV
    LogLevel INFO

    I tried with DEBUG as LogLevel value and it works!
    If it's the only way, I'll do it but I'm little bit worried about the size of my logs because it write lots of line in this mode ...

    Others idea ?

    Thanks again Lex
    Reply With Quote Reply With Quote
  3. 03-11-2010 #3
    ppied
    ppied is offline
    Just Joined!
    Join Date
    Mar 2010
    Posts
    3
    I finally set up sshd like this:
    SyslogFacility AUTHPRIV
    LogLevel VERBOSE

    With that, you don't get too many log like with DEBUG mode.

    Output
    Mar 11 22:55:02 localhost sshd[18211]: Connection from 187.21.131.14 port 5059
    Mar 11 22:55:02 localhost sshd[18211]: Found matching RSA key: 03:d3:f0:e2:b1:94:70:6f:68:00:09:e0:ba:eb:90:f4
    Mar 11 22:55:02 localhost sshd[18213]: Postponed publickey for testuser from 187.21.131.14 port 5059 ssh2
    Mar 11 22:55:03 localhost sshd[18211]: Found matching RSA key: 03:d3:f0:e2:b1:94:70:6f:68:00:09:e0:ba:eb:90:f4
    Mar 11 22:55:03 localhost sshd[18211]: Accepted publickey for testuser from 187.21.131.14 port 5059 ssh2
    Mar 11 22:55:08 localhost sshd[18242]: Connection closed by 187.21.131.14
    Mar 11 22:55:08 localhost sshd[18242]: Closing connection to 187.21.131.14
    Indeed, I start looking for some tools...

    I'm setuping a ssh gateway which is a bit used at this time and want to monitor it

    Thanks for your help !
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

...