Objective: Log the output of a ssh session on Linux.
The OpenSSH SSH client installed by default on most Linux distributions does not support session logging. By default, we usually use the following ssh command syntax to connect to a server.
|
1 |
$ ssh user@server |
In order to log the ssh session output, we will need to read the output from the ssh session and redirect the output to both the screen and to a file. The best tool for this job is tee – a small utility that reads data from standard input and writes it to both standard output and one or more files, effectively duplicating its input. So, to enable ssh session logging, we will need to use the following command syntax where the ssh command output is redirected to tee.
|
1 |
$ ssh user@server | tee /path/to/ssh/logfile.log |
The tee command will output the ssh session log to both the screen and to a file. In the example above, the ssh session log will be written to /path/to/ssh/logfile.log file.
Another alternative is to use the screen command to log ssh sessions.
Start a new screen session.
|
1 |
$ screen -S ssh |
Once you are in the screen terminal, use Ctrl-a : key sequence to enter screen command line mode. At the prompt, specify the screen log file name. This step is optional.
|
1 |
:logfile /path/to/screen/ssh/logfile.log |
Next, use Ctrl-a H key sequence to enable logging. If you did not specify the log file name in the above step, log files will be named screenlog.n by default, where n is the screen window number. Once logging is enabled, use ssh as normal within the screen terminal.
|
1 |
$ ssh user@server |
Once you are done, exit the ssh session and use Ctrl-a H key sequence again to end screen logging.
Mohamed Ibrahim
ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }
