Linux ssh client log all commands

Question

I'm going to setup a Linux console box for login to Cisco devices via ssh only from that Linux machine. How I can setup ssh client on Linux to log all commands applied to Cisco devices?

Answer 1

You can use the script command to log all the terminal output, which under normal circumstances include all the typed commands.

An invocation could look like this if you want to append to a single file:

script -a -f -c 'ssh cisco.example.com' /var/local/log/ssh-cisco.log

Or like this if you want separate files per invocation:

script -f -c 'ssh cisco.example.com' "/var/local/log/ssh-cisco-$(date date +%Y-%m-%d_%H:%M:%S.%N).$$.log"

If the user were required to type those commands themselves, they would of course be too lazy to do all that extra typing to enable logging. And writing the entire thing in a shell script might not be good enough for you either, since I am assuming you don't want the users to be able to bypass the logging.

So you want to avoid the users having access to bypass the logging, and you don't want them to have write access to the directory containing the logs either.

You could setup a separate group which has read access to the ssh key and write access to the log directory. Then you can wrap the script command in a set-group-id executable or sudo.

Answer 2

I found a solution with "| tee -a logfile" Is there any other solution for that? I need only commands in logfile not all output, if that is possible.

Answer 3

Correct me if I'm wrong, but AFAIK, even CISCO devices have a .bash_history file. When you log in, all the commands are saved there in timeline order. Therefore I don't see the use of asking the SSH client to save every command you type.