Re: Linux keylogger or logging command before ssh

On Tue, 21 Feb 2006 22:40:44 -0800, themattreid wrote:

The nature of an encrypted tunnel is that all of the data being
transferred is not able to be read without the cypher. A keylogger
would not help in this instance.

michael4447@xxxxxxxxx wrote:
I am setting up a honeynet. I have noticed that when someone gets into
my box they ssh out (so that I cannot read the packets with an
attached sniffer).

Does anyone know of a keylogger that would capture all traffic or
commands *before* they leave the hacked box and into the ssh tunnel? I
have tried j2mitm to attack the ssh2 tunnel itself but I cannot get
that to work and I think grabbing the traffic before it gets encrypted
would be much easier anyway.

I can post a more detailed description if that would be helpful or if
anyone is interested. Thanks,


That is not quite true. A keylogger would certainly show you what the ssh
user is typing - but not what he reads.

The easiest solution for the OP is to install a modified version of ssh on
the machine: no keylogger required, and all the traffic (outgoing and
incoming) can be logged somewhere.
