[Gllug] Howto view another users telnet or ssh session?
Richard Jones
rich at annexia.org
Mon Dec 20 09:52:22 UTC 2004
On Mon, Dec 20, 2004 at 08:13:41AM -0000, David Abbishaw wrote:
> Does anyone know if theres a way to shadow other users telnet or ssh
> sessions as root from an ssh session. I know that theres the screen
> command but really looking for something where the other users doesnt need
> to set anything up in advance.
Moral and legal questions aside, yes.
Telnet is most simple to monitor since it passes over the network
unencrypted, and therefore it is trivial to reconstruct the session by
watching packets. You can do this from any node in between the two
target machines, or from either endpoint. ettercap is one of several
tools which can do this.
With ssh the session is encrypted and there is sufficient protection
against man-in-the-middle attacks to make network monitoring hard.
Probably the simplest way is to use your root priviledges to patch
either ssh or sshd so they secretly log the session by some means, for
example writing the data to a file which you can 'tail -f'.
Rich.
--
Richard Jones. http://www.annexia.org/ http://www.j-london.com/
>>> http://www.team-notepad.com/ - collaboration tools for teams <<<
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
Write Apache modules in OCaml - http://www.merjis.com/developers/mod_caml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20041220/073760f3/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list