Re: [SLUG] ssh client side logging

From: blee2@tampabay.rr.com
Date: Wed Sep 23 2009 - 17:54:30 EDT


Thus Richard Tricoche hast written on Wed, Sep 23, 2009 at 04:51:55PM -0400, and, according to prophecy, it shall come to pass that:
> I have a server (source machine) that many users log into and su - root.
> From this server - these folks ssh out to other (target) machines as root
> and gain direct login access to the machines via ssh keys.

Ouch.

> I'm looking for a way to log some activity on the client side (source machine)
> The goal is to determine at any point "which user" (the real user before su
> - root) - has initiated ssh connections to "which (target) machine" - at
> "what time".
>
> Criteria:
> --------------
> User > Target Machine > Timestamp

Rework your methodology, use sudo instead of su.

The command your users would use is:

        sudo ssh host

The sudo logs (where depends on your flavor) will indicate that user ran
"sudo ssh enterprise" at XX:XX timestamp.

Now, here's some magic for you...
Create the following script and call it sudossh:

        #!/bin/sh
        sudo ssh "${0##*/}"   # $0 may include the link's directory; keep only the name

THEN create links to it in their path, one for each hostname your users need to
connect to. For example:

        ln sudossh enterprise
        ln sudossh defiant
        ln sudossh voyager
        ln sudossh constitution
        ln sudossh hood
        ln sudossh reliant
        ln sudossh resolute
        ln sudossh ronaldreagan

Your users just type:

        enterprise

and the SSH session to enterprise is initiated as root and they are
prompted for their own password.

$0 is the name a command was called with, i.e. "enterprise", so
'sudo ssh $0' becomes 'sudo ssh enterprise'.

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 13:37:41 EDT
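
Added example (not part of the original post or the list archive): one way to turn the sudo log entries described above into the requested "User > Target Machine > Timestamp" report. It assumes traditional syslog timestamps, the usual sudo syslog line layout, and ssh options written as separate words; the function names and the log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: "User > Target Machine > Timestamp" report from sudo syslog lines.
# Assumes traditional syslog timestamps and the sudo line layout shown below.

# Constructed sample lines (not real log data).
sample_log() {
cat <<'EOF'
Sep 23 17:40:02 source sudo:    alice : TTY=pts/3 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/ssh enterprise
Sep 23 17:41:15 source sudo:      bob : TTY=pts/5 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/ssh -p 2222 root@defiant
Sep 23 17:42:09 source sudo:    carol : TTY=pts/6 ; PWD=/tmp ; USER=root ; COMMAND=/bin/ls /root
Sep 23 17:43:30 source sudo:     dave : 3 incorrect password attempts ; TTY=pts/7 ; PWD=/home/dave ; USER=root ; COMMAND=/usr/bin/ssh voyager
EOF
}

# Reads sudo log lines on stdin and prints one "user > target > time > status"
# line per ssh invocation. Denied attempts are kept and marked DENIED.
ssh_report() {
    awk '
    match($0, / sudo(\[[0-9]+\])?: +/) && /COMMAND=[^ ]*\/ssh( |$)/ {
        ts   = $1 " " $2 " " $3
        line = substr($0, RSTART + RLENGTH)
        user = line; sub(/ :.*/, "", user)            # text before the first " :"
        pre  = line; sub(/TTY=.*/, "", pre)           # failure reason, if any
        status = (pre ~ /incorrect password|NOT in sudoers|command not allowed/) ? "DENIED" : "ok"
        args = line; sub(/^.*COMMAND=[^ ]* ?/, "", args)   # ssh arguments only
        n = split(args, a, " ")
        target = ""
        for (i = 1; i <= n; i++) {
            if (a[i] ~ /^-[BbcDEeFIiJLlmOoPpQRSWw]$/) { i++; continue }  # option taking a value
            if (a[i] ~ /^-/) continue                                    # flag or -oKey=value
            target = a[i]; break                                         # first non-option = destination
        }
        sub(/^.*@/, "", target)                       # drop "user@" prefix
        if (target != "") print user " > " target " > " ts " > " status
    }'
}

sample_log | ssh_report
```

Feed it the real sudo log instead of sample_log; the file location depends on the distribution's syslog configuration.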