I want to deploy an SSH daemon on my server that lets me know what commands were executed, but I don't know how to get the user's commands. I implemented an SSH server based on twisted.conch.ssh.session. I can get all stdout in outReceived of SSHSessionProcessProtocol, but it is difficult to extract the user's commands from the stdout accurately, because that relies heavily on the Linux prompt ($PS1).
```python
import sys

import checkers  # local module providing UsernamePasswordChecker
import keyvalue  # local module holding the host key pair
from twisted.python import components, log, logfile
from twisted.cred import portal
from twisted.internet import reactor
from twisted.conch.ssh import factory, keys, session, filetransfer
from twisted.conch.unix import UnixSSHRealm, SSHSessionForUnixConchUser, UnixConchUser

if __name__ == "__main__":
    sshFactory = factory.SSHFactory()
    sshFactory.portal = portal.Portal(UnixSSHRealm())
    sshFactory.portal.registerChecker(checkers.UsernamePasswordChecker())
    # Host keys presented to connecting clients
    sshFactory.publicKeys = {
        'ssh-rsa': keys.Key.fromString(keyvalue.publicKey)}
    sshFactory.privateKeys = {
        'ssh-rsa': keys.Key.fromString(keyvalue.privateKey)}
    # Sessions are adapted to the Unix user's real login shell
    components.registerAdapter(
        SSHSessionForUnixConchUser, UnixConchUser, session.ISession)
    log.startLogging(sys.stdout)
    reactor.listenTCP(2222, sshFactory)
    reactor.run()
```
You are correct; it is very hard to accurately get the user's commands, because it is (in the general case) literally impossible to differentiate between user input that goes to the shell and user input that goes to other programs.
You might want to consider writing your own shell that runs inside Twisted, and log the commands the user types into that. But if you want them to literally run their login shell, you're out of luck.
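The approach suggested in the answer, as an added example that is not part of the original question or answer: a server-side command interpreter that writes an audit record for every line it receives before dispatching it, so no prompt parsing is needed. The class `AuditedShell`, its allowlist and the sample session are assumptions made for illustration; in Twisted, `line_received` would be called from a line-receiving terminal protocol such as `twisted.conch.recvline.HistoricRecvLine.lineReceived`.

```python
import json
import shlex
import time


class AuditedShell:
    """Server-owned interpreter: every line it receives is a command by
    construction, so the audit log never depends on the prompt ($PS1)."""

    def __init__(self, username, audit_sink):
        self.username = username
        self.audit_sink = audit_sink  # callable that takes one JSON string
        # Hypothetical allowlist; each handler takes argv and returns output.
        self.commands = {
            "whoami": lambda argv: self.username,
            "echo": lambda argv: " ".join(argv[1:]),
        }

    def _audit(self, raw, argv, outcome):
        # json.dumps escapes control characters, so a crafted line cannot
        # forge extra log records.
        self.audit_sink(json.dumps({
            "ts": time.time(), "user": self.username,
            "raw": raw, "argv": argv, "outcome": outcome,
        }))

    def line_received(self, raw):
        """Log one input line, then dispatch it; returns the text to display."""
        if isinstance(raw, bytes):
            raw = raw.decode("utf-8", "replace")
        try:
            argv = shlex.split(raw)
        except ValueError as exc:  # e.g. unbalanced quotes
            self._audit(raw, None, "parse-error")
            return "parse error: %s" % exc
        if not argv:
            return ""
        handler = self.commands.get(argv[0])
        if handler is None:
            self._audit(raw, argv, "rejected")
            return "unknown command: %s" % argv[0]
        self._audit(raw, argv, "executed")
        return handler(argv)


if __name__ == "__main__":
    records = []
    shell = AuditedShell("alice", records.append)  # constructed sample session
    for line in (b"whoami", b'echo "hello world"', b"vim notes.txt", b'echo "oops'):
        print(repr(shell.line_received(line)))
    print("\n".join(records))
```

Nothing here is handed to a real login shell, which is what makes the log complete; the trade-off is that only commands the server implements are available.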