record ssh sessions
How to record ssh sessions on a Linux Server, Router, Switch using Ezeelogin ssh Jump Server.
The "SSH Log" recording feature lets you record ssh sessions of ssh jump server users ( system admins, system engineer , developers . network administrators) accessing remote Linux servers / cloud instances / switches / routers and other network devices that are accessible via the ssh protocol.
The SSHD daemon has to be running on the remote devices. The SSH daemon comes with the OpenSSH packages on most Linux distributions. ( Centos 6, Centos7, Centos 8, Centos 5, Centos 4, Ubuntu 14, Ubuntu 16, Ubuntu 18, SUSE, RHEL , Fedora , Freebsd and more. ).
There is NO need to install a agent on the Remote Linux servers ( Production servers ) to record ssh session of users accessing the servers via ssh.
Disable tcp forwarding in SSHD server configuration file on the jump server.
The ssh session recorded lets you audit the ssh users accessing the Linux servers remotely via the ssh protocol. You can also monitor a ssh user in real time. You can also search the entire logs recorded for a string or pattern which is very useful to perform security audits on various security incidents, lapses, security forensics etc. This is useful for meeting security compliances like pci dss, hippa, nist , nerc, ffiec etc.
1. To enable ssh recording of the jump server users on the Ezeelogin ssh jump server gui, do the following.
Navigate to Settings->General->Security->SSH Session Logging

There are 3 settings to record the ssh sessions
- None - This would disable ssh session recording.
- Input - This would record only the STDIN , which would be the keyboard inputs of the ssh jump server user.
- Output - This would record only the STDOUT which would be the outputs on the screen of the jump server user.
- Both - This would record both the STDIN and STDOUT of the ssh session.
2. How to view the user ssh session recorded on the Ezeelogin ssh jump server gui?

B) Click on the ’Log type output’ to view the entire ssh session recorded for the user john on the server tesla.eznoc.com. As you can see the entire ssh session is available.
3. How to view the ssh session recorded of a user in real time ?
a) Identify the ongoing ssh sessions which has the status ' Active' and Click on its 'note' icon on the right.
b)Click on enable streaming and choose the interval of 1 second and you will be able to what the jump server user is doing on a server in real time.
4. How to encrypt users ssh session log recorded to meet security compliances?
You can enable ’Encrypt ssh session logs’ under Settings->General->Security so that logs are not human readable. Note that the logs are only readable from the gui. In the backend, the ssh logs are stored in the /var/log/ezlogin directory.
5. How to search the users recorded ssh session logs for specific strings or keywords?
Enter the string to be searched in the field 'Log Content'. The results show the matching logs and user,username with which the server was accessed and the login and logout times are recorded as well.
6. The Administrator user can download any users ssh session to remote devices as a text file by clicking on the blue arrow as shown below.
7. The normal user can download his own ssh session logs recorded under Users->SSH Log