Re: Linux keylogger or logging command before ssh

On Tue, 21 Feb 2006 22:40:44 -0800, themattreid wrote:

The nature of an encrypted tunnel is that all of the data being
transferred is not able to be read without the cypher. A keylogger
would not help in this instance.

michael4447@xxxxxxxxx wrote:
I am setting up a honeynet. I have noticed that when someone gets into
my box they ssh out (so that I cannot read the packets with an
attached sniffer).

Does anyone know of a keylogger that would capture all traffic or
commands *before* they leave the hacked box and into the ssh tunnel? I
have tried j2mitm to attack the ssh2 tunnel itself but I cannot get
that to work and I think grabbing the traffic before it gets encrypted
would be much easier anyway.

I can post a more detailed description if that would be helpful or if
anyone is interested. Thanks,


That is not quite true. A keylogger would certainly show you what the ssh
user is typing - but not what he reads.

The easiest solution for the OP is to install a modified version of ssh on
the machine: no keylogger required, and all the traffic (outgoing and
incoming) can be logged somewhere.
