ssh logs? - Security

This is a discussion on ssh logs? - Security ; hi everyone, if I ssh from A to B, a log is generated in /var/log/messages of machine B...but is a log also generated in machine A when A tries to ssh to machine B. if so then where is it ...

+ Reply to Thread
Results 1 to 10 of 10

Thread: ssh logs?

  1. ssh logs?

    hi everyone,
    if I ssh from A to B, a log is generated in /var/log/messages of
    machine B...but is a log also generated in machine A when A tries to
    ssh to machine B. if so then where is it generated

    thanks
    danish


  2. Re: ssh logs?

    linuxadmin wrote:
    > if I ssh from A to B, a log is generated in /var/log/messages of
    > machine B...but is a log also generated in machine A when A tries to
    > ssh to machine B. if so then where is it generated


    Generally speaking, no, there is no log. There may be something in
    the user's shell history. Or you can turn on process accounting.


    --
    Oh to have a lodge in some vast wilderness. Where rumors of oppression
    and deceit, of unsuccessful and successful wars may never reach me
    anymore.
    -- William Cowper

  3. Re: ssh logs?


    Jeremiah DeWitt Weiner wrote:
    > linuxadmin wrote:
    > > if I ssh from A to B, a log is generated in /var/log/messages of
    > > machine B...but is a log also generated in machine A when A tries to
    > > ssh to machine B. if so then where is it generated

    >
    > Generally speaking, no, there is no log. There may be something in
    > the user's shell history. Or you can turn on process accounting.
    >
    >
    > --
    > Oh to have a lodge in some vast wilderness. Where rumors of oppression
    > and deceit, of unsuccessful and successful wars may never reach me
    > anymore.
    > -- William Cowper


    I will write down what I understood. Please correct me if Im wrong...

    Suppose the ssh-client machine is in a LAN. If I ssh to a computer
    outside the LAN there is no way a log can be generated on the client
    side which mentions that an ssh connection has been made to a .....ip

    thanks
    Danish


  4. Re: ssh logs?

    "linuxadmin" wrote in message
    news:1144299379.160581.116810@v46g2000cwv.googlegr oups.com

    >> Oh to have a lodge in some vast wilderness. Where rumors of
    >> oppression and deceit, of unsuccessful and successful wars may never
    >> reach me anymore.
    >> -- William Cowper

    >
    > I will write down what I understood. Please correct me if Im wrong...


    Just remember that the lodge should be made of (ssh) logs, and the
    wilderness should be a desert devoid of trees.

    Oh, you weren't responding to that part? So why did you quote it?


  5. Re: ssh logs?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    linuxadmin wrote:


    > if I ssh from A to B, a log is generated in /var/log/messages of
    > machine B...but is a log also generated in machine A when A tries to
    > ssh to machine B. if so then where is it generated


    With "iptables" in machine A and the "LOG" target extension.

    - --
    Un saludo
    Alo [alo(@)uk2.net]
    PGP en http://pgp.eteo.mondragon.edu [Get "0xF6695A61 "]
    Usuario registrado Linux #276144 [http://counter.li.org]

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2.2 (MingW32)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD4DBQFENKbMvzPPcPZpWmERAq5FAJjPCeeVMmMfRJparFBlVt Z/1RGgAJ9sqOq9
    Q+0UPzXbs9IhZne7R0Kybg==
    =5R1r
    -----END PGP SIGNATURE-----

  6. Re: ssh logs?

    linuxadmin wrote:
    >
    > I will write down what I understood. Please correct me if Im wrong...
    >
    > Suppose the ssh-client machine is in a LAN. If I ssh to a computer
    > outside the LAN there is no way a log can be generated on the client
    > side which mentions that an ssh connection has been made to a .....ip
    >
    > thanks
    > Danish
    >


    Depending on the paranoia level and/or conscientiousness of the admin of
    the local machine, you may have no logs, logs recording that ssh was
    used (normal for systems with process accounting), logs of all outgoing
    network connections (possible when starting within a corporate lan), or
    even keystroke monitoring. If you want to know what is being logged,
    ask your sysadmin and network admin.

    Doug

  7. Re: ssh logs?


    Douglas O'Neal wrote:
    > linuxadmin wrote:
    > >
    > > I will write down what I understood. Please correct me if Im wrong...
    > >
    > > Suppose the ssh-client machine is in a LAN. If I ssh to a computer
    > > outside the LAN there is no way a log can be generated on the client
    > > side which mentions that an ssh connection has been made to a .....ip
    > >
    > > thanks
    > > Danish
    > >

    >
    > Depending on the paranoia level and/or conscientiousness of the admin of
    > the local machine, you may have no logs, logs recording that ssh was
    > used (normal for systems with process accounting), logs of all outgoing
    > network connections (possible when starting within a corporate lan), or
    > even keystroke monitoring. If you want to know what is being logged,
    > ask your sysadmin and network admin.


    that is what I want to know. Is there a way that the logs can me made.
    I hope to become a sysadmin or networkadmin so I wanted to know

    Danish
    >
    > Doug



  8. Re: ssh logs?

    On Fri, 07 Apr 2006 01:10:25 -0700, linuxadmin wrote:

    >
    > Douglas O'Neal wrote:
    >> linuxadmin wrote:
    >> >
    >> > I will write down what I understood. Please correct me if Im wrong...
    >> >
    >> > Suppose the ssh-client machine is in a LAN. If I ssh to a computer
    >> > outside the LAN there is no way a log can be generated on the client
    >> > side which mentions that an ssh connection has been made to a .....ip
    >> >
    >> > thanks
    >> > Danish
    >> >

    >>
    >> Depending on the paranoia level and/or conscientiousness of the admin of
    >> the local machine, you may have no logs, logs recording that ssh was
    >> used (normal for systems with process accounting), logs of all outgoing
    >> network connections (possible when starting within a corporate lan), or
    >> even keystroke monitoring. If you want to know what is being logged,
    >> ask your sysadmin and network admin.

    >
    > that is what I want to know. Is there a way that the logs can me made.
    > I hope to become a sysadmin or networkadmin so I wanted to know
    >
    > Danish
    >>
    >> Doug


    You have been correctly advised of two methods to generate the logs you
    might want on the client machine, iptables and process accounting. These
    are each generally the same or very similar regardless of the distribution
    you are using, but you should always be looking for documentation that is
    specific to what you already have installed (or to what you will update to.)

    Since there are many options, the specific instructions that you want to
    or need to use could vary significantly, and you will probably have to
    work those out in detail for yourself. You will need to read the
    documentation.

    If these are already installed (probably are), you can usually read the
    documentation in a "man page" or "info" document (ie.: $ man iptables,
    _or_ $ info iptables).

    To find the CLI command names to read up on for "process accounting", you
    could try the line: "$ apropos account", which will usually give you a
    list of several commands you may wish to read up on.

    For software documentation that is not already on your system, a google
    search will usually bring up ample appropriate reading material.

    Good luck.



  9. Re: ssh logs?


    Newsbox wrote:
    > On Fri, 07 Apr 2006 01:10:25 -0700, linuxadmin wrote:
    >
    > >
    > > Douglas O'Neal wrote:
    > >> linuxadmin wrote:
    > >> >
    > >> > I will write down what I understood. Please correct me if Im wrong...
    > >> >
    > >> > Suppose the ssh-client machine is in a LAN. If I ssh to a computer
    > >> > outside the LAN there is no way a log can be generated on the client
    > >> > side which mentions that an ssh connection has been made to a .....ip
    > >> >
    > >> > thanks
    > >> > Danish
    > >> >
    > >>
    > >> Depending on the paranoia level and/or conscientiousness of the admin of
    > >> the local machine, you may have no logs, logs recording that ssh was
    > >> used (normal for systems with process accounting), logs of all outgoing
    > >> network connections (possible when starting within a corporate lan), or
    > >> even keystroke monitoring. If you want to know what is being logged,
    > >> ask your sysadmin and network admin.

    > >
    > > that is what I want to know. Is there a way that the logs can me made.
    > > I hope to become a sysadmin or networkadmin so I wanted to know
    > >
    > > Danish
    > >>
    > >> Doug

    >
    > You have been correctly advised of two methods to generate the logs you
    > might want on the client machine, iptables and process accounting. These
    > are each generally the same or very similar regardless of the distribution
    > you are using, but you should always be looking for documentation that is
    > specific to what you already have installed (or to what you will update to.)
    >
    > Since there are many options, the specific instructions that you want to
    > or need to use could vary significantly, and you will probably have to
    > work those out in detail for yourself. You will need to read the
    > documentation.
    >
    > If these are already installed (probably are), you can usually read the
    > documentation in a "man page" or "info" document (ie.: $ man iptables,
    > _or_ $ info iptables).
    >
    > To find the CLI command names to read up on for "process accounting", you
    > could try the line: "$ apropos account", which will usually give you a
    > list of several commands you may wish to read up on.
    >
    > For software documentation that is not already on your system, a google
    > search will usually bring up ample appropriate reading material.
    >
    > Good luck.


    thank you very much


  10. Re: ssh logs?


    linuxadmin wrote:
    > Newsbox wrote:
    > > On Fri, 07 Apr 2006 01:10:25 -0700, linuxadmin wrote:
    > >
    > > >
    > > > Douglas O'Neal wrote:
    > > >> linuxadmin wrote:
    > > >> >
    > > >> > I will write down what I understood. Please correct me if Im wrong...
    > > >> >
    > > >> > Suppose the ssh-client machine is in a LAN. If I ssh to a computer
    > > >> > outside the LAN there is no way a log can be generated on the client
    > > >> > side which mentions that an ssh connection has been made to a .....ip
    > > >> >
    > > >> > thanks
    > > >> > Danish
    > > >> >
    > > >>
    > > >> Depending on the paranoia level and/or conscientiousness of the admin of
    > > >> the local machine, you may have no logs, logs recording that ssh was
    > > >> used (normal for systems with process accounting), logs of all outgoing
    > > >> network connections (possible when starting within a corporate lan), or
    > > >> even keystroke monitoring. If you want to know what is being logged,
    > > >> ask your sysadmin and network admin.
    > > >
    > > > that is what I want to know. Is there a way that the logs can me made.
    > > > I hope to become a sysadmin or networkadmin so I wanted to know
    > > >
    > > > Danish
    > > >>
    > > >> Doug

    > >
    > > You have been correctly advised of two methods to generate the logs you
    > > might want on the client machine, iptables and process accounting. These
    > > are each generally the same or very similar regardless of the distribution
    > > you are using, but you should always be looking for documentation that is
    > > specific to what you already have installed (or to what you will update to.)
    > >
    > > Since there are many options, the specific instructions that you want to
    > > or need to use could vary significantly, and you will probably have to
    > > work those out in detail for yourself. You will need to read the
    > > documentation.
    > >
    > > If these are already installed (probably are), you can usually read the
    > > documentation in a "man page" or "info" document (ie.: $ man iptables,
    > > _or_ $ info iptables).
    > >
    > > To find the CLI command names to read up on for "process accounting", you
    > > could try the line: "$ apropos account", which will usually give you a
    > > list of several commands you may wish to read up on.
    > >
    > > For software documentation that is not already on your system, a google
    > > search will usually bring up ample appropriate reading material.
    > >
    > > Good luck.

    >
    > thank you very much

    thank you very much all
    Danish


+ Reply to Thread