Re: Logging port forwarding
From: Darren Tucker (dtucker_at_gate.dodgy.net.au)
Date: 11/27/05
- Previous message: Darren Tucker: "Re: AIX 5.3 LDAP PAM PrivilegeSeperation"
- In reply to: Witold Rugowski: "Logging port forwarding"
Date: 27 Nov 2005 11:07:30 GMT
On 2005-11-25, Witold Rugowski <witold.rugowski@hp.com> wrote:
> I'm trying to figure out whether in OpenSSH there is a simple way to log all
> opened forwarded connections via ssh. I'm thinking about something like
> "Event log" in putty, but server-side:
>
> 2005-11-24 12:03:18 Opening forwarded connection to 10.x.x.x:3389
> 2005-11-24 12:07:26 Forwarded port closed
>
> This is required to allow matching network activity with user accounts
> on ssh host. In system log on ssh host there are no traces of such
> logging... Is this possible at all without patching sshd code?

Connection establishment is logged at level "debug1", so setting "LogLevel
DEBUG1" or higher in sshd_config will put it in syslog (along with a
bunch of other stuff). Not sure if connection termination will be
logged, though.

Note that if you're using it for audit purposes, it's possible to bypass
it with a user-run forwarder, e.g. "ssh yourhost nc remotehost 22".

If your OS has some kind of kernel-level accounting you might want to
investigate that.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.