Re: [SLUG] ssh client side logging

From: Richard Tricoche (rtricoche@gmail.com)
Date: Thu Sep 24 2009 - 10:03:58 EDT


On Wed, Sep 23, 2009 at 5:54 PM, <blee2@tampabay.rr.com> wrote:

> Thus Richard Tricoche hast written on Wed, Sep 23, 2009 at 04:51:55PM
> -0400, and, according to prophecy, it shall come to pass that:
> > I have a server (source machine) that many users log into and su - root.
> > From this server - these folks ssh out to other (target) machines as root
> > and gain direct login access to the machines via ssh keys.
>
> Ouch.
>

It sounds more insecure than it actually is.

>
> > I'm looking for a way to log some activity on the client side (source machine)
> > The goal is to determine at any point "which user" (the real user before
> > su - root) - has initiated ssh connections to "which (target) machine" - at
> > "what time".
> >
> > Criteria:
> > --------------
> > User > Target Machine > Timestamp
>
> Rework your methodology, use sudo instead of su.
>
> The command your users would use is:
>
> sudo ssh host
>
> The sudo logs (where depends on your flavor) will indicate that user ran
> "sudo ssh enterprise" at XX:XX timestamp.
>
>
sudo sounds like a great solution, but we don't have the authority to revamp
the system. We are constrained to the current methodology.

Unfortunately, this applies to your very neat script idea. We have
hundreds of servers with hundreds of users. Creating the links and listing
server names individually is just not feasible.

Doesn't ssh client have the ability to log somehow? It must.
All I need is:
User > Target Machine > Timestamp

>
> Now, here's some magic for you...
> Create the following script and call it sudossh:
>
> sudo ssh $0
>
> THEN create links to it in their path, one for each hostname your users
> need to connect to. For example:
>
> ln sudossh enterprise
> ln sudossh defiant
> ln sudossh voyager
> ln sudossh constitution
> ln sudossh hood
> ln sudossh reliant
> ln sudossh resolute
> ln sudossh ronaldreagan
>
> Your users just type:
>
> enterprise
>
> and the SSH session to enterprise is initiated as root and they are
> prompted for their own password.
>
>
> $0 is the name a command was called with, i.e. "enterprise", so
> 'sudo ssh $0' becomes 'sudo ssh enterprise'.
>
> -----------------------------------------------------------------------
> This list is provided as an unmoderated internet service by Networked
> Knowledge Systems (NKS). Views and opinions expressed in messages
> posted are those of the author and do not necessarily reflect the
> official policy or position of NKS or any of its employees.
>
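
Added example, not part of the original message: one way to get "User > Target Machine > Timestamp" without sudo or per-host links is a single wrapper placed ahead of the real client in root's PATH, which logs to syslog and then runs the real ssh. The wrapper name, the `ssh-client` log tag and the `/usr/bin/ssh` location are assumptions, as is a Linux source machine for the `/proc/self/loginuid` lookup.

```shell
#!/bin/sh
# Added example (not from the thread); paths and the log tag are assumptions.
REAL_SSH=${REAL_SSH:-/usr/bin/ssh}   # assumed location of the real client

# The account that logged in before "su - root": the Linux audit login UID
# survives su; otherwise ask logname(1), then fall back to the current user.
real_user() {
    uid=$(cat /proc/self/loginuid 2>/dev/null) || uid=
    case $uid in ''|4294967295) ;; *)       # 4294967295 means "not set"
        name=$(getent passwd "$uid" 2>/dev/null | cut -d: -f1)
        if [ -n "$name" ]; then echo "$name"; return 0; fi ;;
    esac
    logname 2>/dev/null || id -un
}

# Print the destination argument of an ssh command line, skipping options.
ssh_target() {
    while [ $# -gt 0 ]; do
        case $1 in
            --) shift; break ;;
            -*) n=1; opts=${1#-}
                while [ -n "$opts" ]; do
                    rest=${opts#?}
                    case ${opts%"$rest"} in
                        [BbcDEeFIiJLlmOoPpQRSWw])     # option takes a value
                            [ -n "$rest" ] || n=2; break ;;  # detached value: skip it too
                    esac
                    opts=$rest
                done
                [ "$n" -le $# ] || n=$#
                shift "$n" ;;
            *) break ;;
        esac
    done
    printf '%s\n' "${1:-}"
}

# One record in the form the thread asks for: User > Target Machine > Timestamp
audit_line() { printf '%s > %s > %s\n' "$1" "$2" "$3"; }

main() {
    target=$(ssh_target "$@")
    line=$(audit_line "$(real_user)" "${target:-none}" "$(date '+%Y-%m-%d %H:%M:%S %Z')")
    logger -p authpriv.notice -t ssh-client "$line" 2>/dev/null || true
    exec "$REAL_SSH" "$@"
}
# Act as the wrapper only when this file is invoked under the name "ssh".
case ${0##*/} in ssh) main "$@" ;; esac
```

A root shell can still call the real binary by its full path, so this is an audit aid rather than a control. Forward the authpriv log off the source machine so the records cannot be edited there.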




This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 13:37:59 EDT