[Gllug] Howto view another users telnet or ssh session?

[Nix]

On Mon, 20 Dec 2004, Richard Jones announced authoritatively:
> With ssh the session is encrypted and there is sufficient protection
> against man-in-the-middle attacks to make network monitoring hard.
> Probably the simplest way is to use your root priviledges to patch
> either ssh or sshd so they secretly log the session by some means, for
> example writing the data to a file which you can 'tail -f'.

Well, ttysnoop or (for a completely undetectable method)
user-mode-linux's TTY logging facilities would do the trick.

(I do exactly that, logging all TTY traffic across my firewall,
and getting a regular report on exactly when connections were
established, tied to the logs: so if a suspicious-looking
connection happens, I can tell exactly what it was.

And no, I don't look at other users' logs without asking them first,
even though I could.)

-- 
`The sword we forged has turned upon us
 Only now, at the end of all things do we see
 The lamp-bearer dies; only the lamp burns on.'
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug