Record ssh sessions

Record ssh sessions - How to enable it on the bastion host (also called a “ jump server ” ) 

This feature lets you record ssh sessions of ssh jump servers users accessing servers or amazon instances or other cloud instances via the jump box. This is useful for meeting security compliances like pci dss, hippa, nist , nerc, ffiec etc. To enable ssh recording.

  1. Navigate to Settings->General->Security->SSH Session Logging
    record-ssh-session-setting

There are 3 settings to record the ssh sessions

  • None - This would disable ssh session recording.
  • Input - This would record only the STDIN , which would be the keyboard inputs of the ssh jump server user. 
  • Output - This would record only the STDOUT which would be the outputs on the screen of the jump server user.
  • Both - This would record both the STDIN and STDOUT of the ssh session.

     The input mode would record the invisible characters typed into the STDIN, hence it would record the password changes of a user that is done using the password command. This would be in violation of security compliances like pci dss, hipaa, nist etc. We would recommend choosing output only to avoid recording the password in order to meet security compliance.

How to view the ssh session recorded?

  1. Navigate to users->SSH log and select the jump server user and the server  to view the recorded session for that server.
    ssh-session-recording


  2. Click on the 'Log type output' to view the entire ssh session recorded for the user john on the server tesla.eznoc.com.  As you can see the entire ssh session is available.

    record-ssh-session

     How to view the ssh session recorded in real time or view the currently on going ssh session of jump server users live?

    Click on enable streaming and choose the interval of 1 second and you will be able to what the jump server user is doing on a server in real time. 
     
    Ensure to disable ssh log encryption under Settings->General->Security->Encrypt SSH Session logs so that the Enable streaming button is visible.

live-ssh-session-recording

 

0 (0)
Article Rating (No Votes)
Rate this article
    Attached Files
    There are no attachments for this article.
    Related Articles RSS Feed
    Access Keyword 2FA explained
    Viewed 105 times since Wed, Jan 30, 2019
    How to ensure that password are not recorded when ssh session recording is enabled to meet security compliances like PCI DSS 3.2 , HIPAA, SOX, SOC2, FFIEC, NERC CIP, ISO 27001 ?
    Viewed 1084 times since Fri, Mar 2, 2018
    Configure four eyes authorization
    Viewed 1281 times since Fri, Dec 1, 2017
    How to change the private key in use and change the default public key in use?
    Viewed 1679 times since Fri, Dec 1, 2017
    Set SSH User Expiry
    Viewed 526 times since Thu, Sep 20, 2018
    Can I use Google 2FA, Yubikey , DUO simultaneously?
    Viewed 1742 times since Thu, Dec 14, 2017
    encryption type used for securing users ssh logs in ezeelogin
    Viewed 1005 times since Thu, Jun 15, 2017
    How to enforce 2 Factor Authentication on user login?
    Viewed 505 times since Wed, Sep 19, 2018
    record rdp session
    Viewed 291 times since Thu, Dec 6, 2018
    How to stream the ssh sessions in real time?
    Viewed 2188 times since Wed, Nov 22, 2017