Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Witold Rugowski
November 25, 2005, 11:07 am
rate this thread
I'm trying to figure out wheter on OpenSSH is simple way to log all opened
forwarded connenctions via ssh. I'm thinking about something like "Event log" in
putty, but server-side:
2005-11-24 12:03:18 Opening forwarded connection to 10.x.x.x:3389
2005-11-24 12:07:26 Forwarded port closed
This is required to allow matching network activity with user accounts on ssh
host. In system log on ssh host there are no traces of such logging... Is this
possible at all without patching sshd code ?
Re: Logging port forwarding
Connection establishment is logged at level "debug1", so setting "LogLevel
DEBUG1" or higher in sshd_config will put in in syslog (along with a
bunch of other stuff). Not sure if it connection termination will be
Note that if you're using it for audit purposes, it's possible to bypass
it with a user-run forwarder, eg "ssh yourhost nc remotehost 22".
If your OS has some kind of kernel-level accounting you might want to
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum