[Gllug] Howto view another users telnet or ssh session?
Jan Minar
jjminar at FastMail.FM
Sat Dec 25 03:44:10 UTC 2004
On Sat, Dec 25, 2004 at 12:24:37AM +0000, Nix wrote:
> On Mon, 20 Dec 2004, Richard Jones announced authoritatively:
> > With ssh the session is encrypted and there is sufficient protection
> > against man-in-the-middle attacks to make network monitoring hard.
> > Probably the simplest way is to use your root priviledges to patch
> > either ssh or sshd so they secretly log the session by some means, for
> > example writing the data to a file which you can 'tail -f'.
>
> Well, ttysnoop or (for a completely undetectable method)
> user-mode-linux's TTY logging facilities would do the trick.
>
> (I do exactly that, logging all TTY traffic across my firewall,
> and getting a regular report on exactly when connections were
> established, tied to the logs: so if a suspicious-looking
> connection happens, I can tell exactly what it was.
>
> And no, I don't look at other users' logs without asking them first,
> even though I could.)
Are you sure it's not illegal to log it without their consent, in the
first place?
--
)^o-o^| jabber: rdancer at NJS.NetLab.Cz
| .v K e-mail: jjminar FastMail FM
` - .' phone: +44(0)7981 738 696
\ __/Jan icq: 345 355 493
__|o|__Minář irc: rdancer at IRC.FreeNode.Net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20041225/dc8f15f3/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list