Comments (5)
Hi @sabban, thank you for this kind message and your other PRs, this is exactly what I love in the OSS ecosystem. 😊
If I am not wrong, the remote session on the remote host server is not audited. If you are interested in such a feature I am already working on it; the idea is to provide a logfile for each session that could be read by something like ttyrec. I would be happy to provide a patch for this.
They are currently only logged as basic events: start/stop time, user, host (available with session ls command)
I also wanted to record the full TTY session; I would love a patch (let me know if you need some help)
That looks interesting:
- https://github.com/arkan/bastion/blob/master/pkg/logchannel/logchannel.go
- https://github.com/arkan/bastion/blob/master/main.go#L73-L93
Moreover there's one last thing we may need here, it's the tunnel feature from ssh (tunnels invoked by -L or -R options in ssh). And we would like it logged (I thought about a pcap file for that). What is your opinion about this?
I didn't think about this one, but it follows the main idea of sshportal, pcap is standard, so a good idea too
From what I see, there was already some work done for the local forward (see gliderlabs/ssh#38), if it is usable, it looks easy to add the remote forward feature on gliderlabs/ssh
I will look after the Xmas dinner digestion
Thank you again 👍
from sshportal.
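A sketch of the per-session recording discussed above, as an added example that is not sshportal's code: a writer that tees terminal output into ttyrec frames, plus a reader for review. The `Recorder`, `Frame` and `Frames` names, the injectable clock and the fail-closed choice are assumptions of this example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
	"time"
)

// Recorder tees session output into a ttyrec-format log: every write becomes one
// frame with a 12-byte little-endian header (sec, usec, length) and the raw bytes.
type Recorder struct {
	Term, Log io.Writer        // Term: the user's channel; Log: the per-session audit file
	Now       func() time.Time // injectable clock (assumption of this example)
}

func (r *Recorder) Write(p []byte) (int, error) {
	t, hdr := r.Now(), make([]byte, 12, 12+len(p))
	binary.LittleEndian.PutUint32(hdr[0:], uint32(t.Unix()))
	binary.LittleEndian.PutUint32(hdr[4:], uint32(t.Nanosecond()/1000))
	binary.LittleEndian.PutUint32(hdr[8:], uint32(len(p)))
	if _, err := r.Log.Write(append(hdr, p...)); err != nil {
		return 0, err // fail closed: nothing reaches the terminal unrecorded
	}
	return r.Term.Write(p)
}

type Frame struct{ At time.Time; Data string } // one replayable chunk of output

// Frames reads a ttyrec log back, rejecting truncated headers or payloads.
func Frames(log []byte) ([]Frame, error) {
	var out []Frame
	for len(log) > 0 {
		if len(log) < 12 || uint64(binary.LittleEndian.Uint32(log[8:])) > uint64(len(log)-12) {
			return out, fmt.Errorf("truncated frame, %d bytes left", len(log))
		}
		sec, usec := binary.LittleEndian.Uint32(log), binary.LittleEndian.Uint32(log[4:])
		n := binary.LittleEndian.Uint32(log[8:])
		out = append(out, Frame{time.Unix(int64(sec), int64(usec)*1000), string(log[12 : 12+n])})
		log = log[12+n:]
	}
	return out, nil
}

func main() {
	var term, log bytes.Buffer
	io.WriteString(&Recorder{&term, &log, time.Now}, "$ whoami\r\n")
	fmt.Println(Frames(log.Bytes()))
}
```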
Yes, this sounds promising :)
I will continue working on this after New Year's Eve!
from sshportal.
Hi,
I use this thread to ask your advice on sftp session auditing. If you prefer I can open a new issue.
sftp sessions are audited, but the audit log is not that useful, as the format is not like usual sessions. Sftp uses the secure channel for its own protocol. We can improve something as the created channel should contain "subsystem sftp" in newChan.ExtraData, but this seems to be rather complicated, as we have to handle each different sftp request.
https://filezilla-project.org/specs/draft-ietf-secsh-filexfer-02.txt
The ideas that came to my mind are:
- log raw sftp requests with a new audit package
- create a whole abstraction to understand sftp protocol. This is a lot of work and may be out of the scope of the project.
- implement an independent tool to re-build the whole sftp session from the actual audit file.
I would like to have your thoughts on this topic, before implementing something.
from sshportal.
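What a raw sftp request log can yield when decoded afterwards, as an added example that is not sshportal's code: it walks the packet framing of the draft linked above (uint32 length, byte type, uint32 request id, arguments) and pulls out the path of path-based requests. `Request`, `DecodeRequests`, `pathReq` and `pkt` are names invented here, and the sample packets are constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Request is one audit record decoded from the client-to-server SFTP byte stream.
type Request struct {
	Type       byte
	ID         uint32
	Name, Path string // set only for the path-based request types listed in pathReq
}

var pathReq = map[byte]string{3: "OPEN", 11: "OPENDIR", 13: "REMOVE", 15: "RMDIR", 17: "STAT", 18: "RENAME"}

// DecodeRequests walks the framing: uint32 length, byte type, uint32 id, arguments.
func DecodeRequests(b []byte) ([]Request, error) {
	var out []Request
	for len(b) > 0 {
		if len(b) < 5 {
			return out, fmt.Errorf("truncated packet header")
		}
		n := binary.BigEndian.Uint32(b)
		if n < 1 || uint64(n) > uint64(len(b)-4) {
			return out, fmt.Errorf("bad or truncated packet length %d", n)
		}
		r, body := Request{Type: b[4], Name: pathReq[b[4]]}, b[5:4+n]
		b = b[4+n:]
		if r.Type != 1 && len(body) >= 4 { // type 1 (INIT) carries a version, not an id
			r.ID, body = binary.BigEndian.Uint32(body), body[4:]
		}
		if r.Name != "" && len(body) >= 4 {
			if l := binary.BigEndian.Uint32(body); uint64(l) <= uint64(len(body)-4) {
				r.Path = string(body[4 : 4+l])
			}
		}
		out = append(out, r)
	}
	return out, nil
}

func pkt(typ byte, id uint32, s string) []byte { // constructed sample packet, short values only
	p := []byte{0, 0, 0, byte(9 + len(s)), typ, 0, 0, 0, byte(id), 0, 0, 0, byte(len(s))}
	return append(p, s...)
}

func main() {
	fmt.Println(DecodeRequests(append(pkt(11, 1, "/srv/upload"), pkt(13, 2, "/srv/upload/a.csv")...)))
}
```

Requests of other types are still returned with their type and id, so nothing in the raw log is dropped by the decoder.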
Logging raw sftp requests seems the best choice for now; in terms of forensics, it's not the easiest solution to use, but at least it won't miss anything
I'm for handling sftp natively later, but I prefer to wait a little bit more to see how gliderlabs/ssh will handle this: https://github.com/gliderlabs/ssh/search?q=sftp&type=Issues&utf8=%E2%9C%93
from sshportal.
Closing the issue as I plan to work on the v2 of this project and I need to make some cleanup in the issues, see #210
from sshportal.