Mailing List Archive

want to know what the other ssh user is doing
Hello all,

I would like to monitor (live) the commands executed by other ssh users. "ps -u <username>" or "top" might help a little bit. But I would like to have a LIVE shell based monitoring tool so that I can simply see the commands executed by the ssh users.
Is there any such tool? My ssh version is

openssh-server_5.1p1-5_i386.deb

Thanks
Re: want to know what the other ssh user is doing
On Thu, 30 Apr 2009, J. Bakshi wrote:

> Date: Thu, 30 Apr 2009 19:38:54 +0530
>
> Hello all,
>
> I would like to monitor (live) the commands executed by other ssh users. "ps -u
> <username>" or "top" might help a little bit. But I would like to have a LIVE
> shell based monitoring tool so that I can simply see the commands
> executed by the ssh users. Is there any such tool? My ssh version is

The age-old tool is 'script', e.g. with option -f. Read 'man script'
for details. It is not relevant whether the users use ssh or not.
You can make script start by default as their 'login shell' and script
would fork the real shell -- and anything the users do within that shell
will be written into a file or pipe somewhere, which you can read in real
time using 'tail -f'. You can also always make your own little shell that
copies the STDIN, STDERR and STDOUT of their session where you need to
(e.g. a pipe or a socket).

> openssh-server_5.1p1-5_i386.deb
>
> Thanks

--
Serguei A. Mokhov, PhD Candidate | /~\ The ASCII
Computer Science and Software Engineering & | \ / Ribbon Campaign
Concordia Institute for Information Systems Engineering | X Against HTML
Concordia University, Montreal, Quebec, Canada | / \ Email!
Re: want to know what the other ssh user is doing
Hi "J",

you can do that with your unix/linux onboard tools. just attach strace
to the sshd process of the user you want to monitor:

strace -s 4096 -e trace=read -p PROCESS_ID

then have a look for the shell prompt (e.g.):

read(10, "\33]0;USERNAME@HOSTNAME:~\7"..., 16384) = 22

now you know that the FD (file handle) is 10 for the user's ssh session terminal.

then you can do something like this:

strace -s 4096 -e trace=read -p 10417 2>&1 | grep -E '^read\(10,' |
grep -oE '".+"'

and you should get an output like:

"uname -a"
"\r\n"
"Linux HOSTNAME 2.6.29.1 #1 SMP Sat Apr 18 11:22:05 CEST 2009 i686
Intel(R) Core(TM)2 Duo CPU L7500 @ 1.60GHz GenuineIntel GNU/Linux\r\n"
"\33]0;USERNAME@HOSTNAME:~\7"


well, this will only work if you have root permission on the server
running sshd.


have fun,
richard


On Thu, Apr 30, 2009 at 4:08 PM, J. Bakshi <bakshi12@gmail.com> wrote:
> Hello all,
>
> I would like to monitor (live) the commands executed by other ssh users. "ps -u <username>" or "top" might help a little bit. But I would like to have a LIVE shell based monitoring tool so that I can simply see the commands executed by the ssh users.
> Is there any such tool? My ssh version is
>
> openssh-server_5.1p1-5_i386.deb
>
> Thanks
>
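
Added example, not part of any message in this thread: the grep pipeline above leaves strace's escaped strings (`\33`, `\r\n`) as they are, so this sketch decodes them into a readable session transcript for an administrator reviewing a captured trace. The function names and the sample lines are constructed for illustration and modelled on the output quoted above.

```python
import re

# strace line shape: read(10, "uname -a", 16384) = 8   ("..." marks a string cut at -s)
READ_RE = re.compile(r'^read\((\d+), "((?:[^"\\]|\\.)*)"(\.\.\.)?, \d+\)\s+= (\d+)')
# Escapes strace emits inside strings: \n \r \t \v \f, \" \\, octal (\33), \xNN with -x
ESC_RE = re.compile(r'\\(x[0-9a-fA-F]{2}|[0-7]{1,3}|.)')
SIMPLE = {'n': '\n', 'r': '\r', 't': '\t', 'v': '\v', 'f': '\f'}
# Terminal-title sequence (ESC ] ... BEL), like the prompt marker in the message above
OSC_RE = re.compile(r'\x1b\][^\x07]*\x07')

def unescape(s):
    """Turn one strace-escaped string back into the raw bytes that were read."""
    def sub(m):
        tok = m.group(1)
        if len(tok) == 3 and tok[0] == 'x':
            return chr(int(tok[1:], 16))
        if tok[0] in '01234567':
            return chr(int(tok, 8) & 0xFF)
        return SIMPLE.get(tok, tok)   # \" and \\ fall through to the bare character
    return ESC_RE.sub(sub, s).encode('latin-1')

def session_transcript(lines, fd):
    """Return (text read on fd with title sequences removed, count of truncated reads)."""
    data, truncated = b'', 0
    for line in lines:
        m = READ_RE.match(line)
        if m and int(m.group(1)) == fd:
            data += unescape(m.group(2))
            truncated += m.group(3) is not None
    # Decode once at the end so multi-byte characters split across reads survive
    return OSC_RE.sub('', data.decode('utf-8', 'replace')), truncated

# Constructed sample trace (not captured from a real host)
SAMPLE = r'''Process 10417 attached
read(10, "\33]0;USERNAME@HOSTNAME:~\7", 16384) = 24
read(10, "uname -a", 16384) = 8
read(10, "\r\n", 16384) = 2
read(3, "ignored: different descriptor", 16384) = 29
read(10, "Linux HOSTNAME 2.6.29.1\r\n", 16384) = 25
read(10, 0xbfd3a000, 16384) = -1 EAGAIN (Resource temporarily unavailable)
'''.splitlines()

if __name__ == '__main__':
    text, cut = session_transcript(SAMPLE, 10)
    print(text, end='')
    print(f'[{cut} read(s) truncated by -s]')
```

A non-zero truncated count means the `-s` limit was too small for some reads and the transcript has gaps.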