Board index Unix Security

monitoring ssh sessions (ttysnoop + sshd) [repost]

monitoring ssh sessions (ttysnoop + sshd) [repost]

Post by Olivier » Fri, 15 Sep 2000 04:00:00



Hello,

I'm currently writing a paper about unix & networks security,
and it includes some practical demonstrations, for example
with ttysnoop+telnet and dsniff.

Now I'd like to be able to use ttysnoop with ssh or openssh :
I've spent some hours trying to compile ssh with ttysnoop
as login shell, etc, but it still not work. I've also looked
on web archives : the question comes often, but no answers...

And you ? Have you managed to use ttysnoop with ssh (under linux) ?
Thanks in advance for any hint!

Regards,
Olivier

--
_________________________________________________________________

 
 
 
Top

monitoring ssh sessions (ttysnoop + sshd) [repost]

Post by Markus Frie » Fri, 15 Sep 2000 04:00:00


you do not provide much usefull information about your problem.

what is the problem? why would changing the loginshell affect the
compile process of ssh or openssh?


>Hello,
>I'm currently writing a paper about unix & networks security,
>and it includes some practical demonstrations, for example
>with ttysnoop+telnet and dsniff.
>Now I'd like to be able to use ttysnoop with ssh or openssh :
>I've spent some hours trying to compile ssh with ttysnoop
>as login shell, etc, but it still not work. I've also looked
>on web archives : the question comes often, but no answers...
>And you ? Have you managed to use ttysnoop with ssh (under linux) ?
>Thanks in advance for any hint!
>Regards,
>Olivier
>--
>_________________________________________________________________



 
 
 
Top

monitoring ssh sessions (ttysnoop + sshd) [repost]

Post by Marius Aamodt Erikse » Fri, 15 Sep 2000 04:00:00



> Hello,

> I'm currently writing a paper about unix & networks security,
> and it includes some practical demonstrations, for example
> with ttysnoop+telnet and dsniff.

> Now I'd like to be able to use ttysnoop with ssh or openssh :
> I've spent some hours trying to compile ssh with ttysnoop
> as login shell, etc, but it still not work. I've also looked
> on web archives : the question comes often, but no answers...

> And you ? Have you managed to use ttysnoop with ssh (under linux) ?
> Thanks in advance for any hint!

Another possibility is to install snoopy  
http://freshmeat.net/projects/snoopy_logger/
Does the same thing and more,

Marius.

 
 
 
Top

monitoring ssh sessions (ttysnoop + sshd) [repost]

Post by Daniel Barre » Fri, 15 Sep 2000 04:00:00




>And you ? Have you managed to use ttysnoop with ssh (under linux) ?

http://www2.merton.ox.ac.uk/~security/archive-199806/0365.html

Haven't tried it myself.

                                                        Dan

 //////////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

| SSH, The Secure Shell: The Definitive Guide (O'Reilly & Associates, 2000) |
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\/////////////////////////////////////

 
 
 
Top

monitoring ssh sessions (ttysnoop + sshd) [repost]

Post by Olivier » Fri, 15 Sep 2000 04:00:00



Quote:>you do not provide much usefull information about your problem.

>what is the problem? why would changing the loginshell affect the
>compile process of ssh or openssh?

well, I tried a lots of different things (sshd configuration, etc),
but it never worked. I don't even know if is possible: I've _never_
heard anybody who managed to do it.

Regards,
Olivier

--
_________________________________________________________________

 
 
 
Top

monitoring ssh sessions (ttysnoop + sshd) [repost]

Post by Olivier » Fri, 15 Sep 2000 04:00:00



Quote:

>Another possibility is to install snoopy  
>http://freshmeat.net/projects/snoopy_logger/
>Does the same thing and more,

Thanks, already tried it before : nice thing and good idea,
but it breaks some things on my server, for example cgi/suexec
support...

Olivier

--
_________________________________________________________________

 
 
 
Top

monitoring ssh sessions (ttysnoop + sshd) [repost]

Post by Markus Frie » Fri, 15 Sep 2000 04:00:00


sorry, but this is not a usefull bugreport. it lacks software, operating
system and configuration details.



>>you do not provide much usefull information about your problem.

>>what is the problem? why would changing the loginshell affect the
>>compile process of ssh or openssh?
>well, I tried a lots of different things (sshd configuration, etc),
>but it never worked. I don't even know if is possible: I've _never_
>heard anybody who managed to do it.
>Regards,
>Olivier
>--
>_________________________________________________________________


 
 
 
Top

monitoring ssh sessions (ttysnoop + sshd) [repost]

Post by Marius Aamodt Erikse » Fri, 15 Sep 2000 04:00:00




> >sorry, but this is not a usefull bugreport. it lacks software, operating
> >system and configuration details.

> system: linux, with kernel 2.2.16. ttysnoop + telnet working fine,
> ttysnoop + sshd never worked (tried a lots of different things,
> but result was allways ssh doesn't allow anybody to login, or
> impossibility to look at the session). I'll try to find the config
> files later (I made the tries a few months before).

Snoopy is independent of this.  It would be able to do it in both situations.

Marius.

 
 
 
Top

monitoring ssh sessions (ttysnoop + sshd) [repost]

Post by Marius Aamodt Erikse » Fri, 15 Sep 2000 04:00:00




> >Another possibility is to install snoopy  
> >http://freshmeat.net/projects/snoopy_logger/
> >Does the same thing and more,

> Thanks, already tried it before : nice thing and good idea,
> but it breaks some things on my server, for example cgi/suexec
> support...

Well, I'm aware of that, and that bug has been removed in version 1.1 (not yet announced on freshmeat, try http://download.linux.com/tuneup/snoopy-1.1.tar.gz ).

Marius.

 
 
 
Top

monitoring ssh sessions (ttysnoop + sshd) [repost]

Post by Olivier » Sat, 16 Sep 2000 08:51:24



Quote:>sorry, but this is not a usefull bugreport. it lacks software, operating
>system and configuration details.

system: linux, with kernel 2.2.16. ttysnoop + telnet working fine,
ttysnoop + sshd never worked (tried a lots of different things,
but result was allways ssh doesn't allow anybody to login, or
impossibility to look at the session). I'll try to find the config
files later (I made the tries a few months before).

Are you telling me you managed to make it work ? Would be nice... :)

Regards,
Olivier
--
_________________________________________________________________

 
 
 
Top

1. monitoring ssh sessions (ttysnoop + sshd)

Hello,

I'm currently writing a paper about unix & networks security,
and it includes some practical demonstrations, for example
with ttysnoop+telnet and dsniff.

Now I'd like to be able to use ttysnoop with ssh or openssh :
I've spent some hours trying to compile ssh with ttysnoop
as login shell, etc, but it still not work. I've also looked
on web archives : the question comes often, but no answers...

And you ? Have you managed to use ttysnoop with ssh ? Thanks
in advance for any hint!

Regards,
Olivier

--
_________________________________________________________________

2. Microphone

3. Have remote X session on 2nd monitor, local X session on 1st monitor

4. HELP! Problems with Disk Suite 4.1 and Solaris 2.5.1

5. starting ssh-agent as parent of X session for SSH

6. HELP InStaling the unix system

7. ttysnoop and sockets how to get ttysnoop to run.

8. edit quota

9. OpenSSH2.1 sshd core dumps at end of session

10. sshd [871] random session key or cracked?

11. New ssh/sshd patches for Solaris 9

12. limit amount of ssh - users on my sshd-server

13. ssh linux <==> sshd HPUX


All times are UTC
Board index