
How can I keep a history of activities for chroot'd SSH (not SFTP) users? I've tried:

  • created a .sh_history in their home with the proper permissions
  • created a custom $HISTFILE in .profile and in its jailed /etc/profile
  • exported HISTFILE after logging in.

This is how my Match in sshd_config is:

    Match Group sshuser
        ChrootDirectory %h
        AllowTcpForwarding no

Additional info: This is on an AIX server and the user's default shell is ksh, but I have no problem switching it to bash if the solution requires it. The 'chrooted' /etc/profile and the user's ~/.profile are not being executed during chrooted login. It also goes without saying that the jailed home is write-protected for the user, but the files I mentioned and others necessary for the history have enough perms for the user.

Dumb admin
  • Can you give the output of `echo $HISTFILE` inside of the session? – blaimi Jan 20 '20 at 14:58
  • The output is empty. It is also not in the 'env' output. (Yes, I even copied the 'env' binaries.) – Dumb admin Jan 20 '20 at 15:07
  • Put something like `echo foo > /tmp/foo` into the `.profile` and see if that file ever shows up. It doesn't look like your `.profile` is getting invoked if you set `$HISTFILE` and it isn't showing up when you `echo` or `env` it. – chicks Jan 20 '20 at 15:43
  • I did already, nothing happens. Does anyone have a chrooted environment for ssh users where history works across sessions? I wouldn't even think this would be a problem, but apparently it is. – Dumb admin Jan 20 '20 at 16:07

0 Answers