Configure ttysnoop with SSH on SUSE or Red Hat Linux

This time, a nice administrator tool called ttysnoop: it lets you watch what other people are doing in other terminals. Useful for security people.

Steps:
1) Download openssh from http://openbsd.md5.com.ar/pub/OpenBSD/OpenSSH/portable/
wget http://openbsd.md5.com.ar/pub/OpenBSD/OpenSSH/portable/openssh-4.6p1.tar.gz
2) Uncompress it
tar zxvf openssh-4.6p1.tar.gz
3) Compile it. You have to set the "login" program that ssh has to use!
cd openssh-4.6p1
export LOGIN_PROGRAM="/sbin/foo_login"
./configure --prefix=/usr --sysconfdir=/etc/ssh --without-zlib-version-check --with-pam --with-tcp-wrappers
make
make install

4) Modify the sshd_config file, which should be located at /etc/ssh/sshd_config, and change these variables:
PasswordAuthentication yes
UseLogin yes

Compile ttysnoop
5) Download ttysnoop from http://freshmeat.net/redir/ttysnoop26/
wget http://freshmeat.net/redir/ttysnoop26/50871/url_tgz/ttysnoop-0.12d.k26.tar.gz
6) tar xzvf ttysnoop-0.12d.k26.tar.gz
7) cd ttysnoop-0.12d.k26
8) make
9) make install

10) Copy the new login from ttysnoop:
cp ttysnoops /sbin/foo_login
11) This directory is not created automatically; you have to create it:
mkdir /var/spool/ttysnoop

12) Copy snooptab.dist to /etc
cp snooptab.dist /etc/snooptab

13) Edit /etc/snooptab
Comment out all lines except:
* socket login /bin/login
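
A quick way to confirm steps 4 and 13 took effect, as an added example that is not part of the original post or of ttysnoop. The function names are hypothetical and the sample files are constructed; it assumes sshd's rule that keywords are case-insensitive and the first occurrence of a keyword wins.

```shell
#!/bin/sh
# Added example: verify the two config files edited in steps 4 and 13.

# Print the effective value of an sshd_config keyword.
# sshd keywords are case-insensitive and the first occurrence wins.
sshd_option() {  # usage: sshd_option FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Print the active (uncommented, non-blank) snooptab rules, one per line,
# with runs of whitespace collapsed to single spaces.
active_rules() {  # usage: active_rules FILE
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next } { $1 = $1; print }' "$1"
}

# Succeed only if both files match what the steps above ask for.
check_setup() {  # usage: check_setup SSHD_CONFIG SNOOPTAB
    rc=0
    for key in UseLogin PasswordAuthentication; do
        val=$(sshd_option "$1" "$key")
        if [ "$val" != "yes" ]; then
            echo "FAIL: $key is '${val:-unset}', expected 'yes'"; rc=1
        fi
    done
    rules=$(active_rules "$2")
    if [ "$rules" != "* socket login /bin/login" ]; then
        echo "FAIL: unexpected active snooptab rules:"; echo "$rules"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: sshd_config and snooptab match the steps"
    return "$rc"
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf '%s\n' '#UseLogin no' 'PasswordAuthentication yes' 'uselogin yes' \
    > "$demo/sshd_config"
printf '%s\n' '# constructed comment line' '#ttyS1 /dev/tty7 login /bin/login' \
    '*   socket   login   /bin/login' > "$demo/snooptab"
check_setup "$demo/sshd_config" "$demo/snooptab"
rm -rf "$demo"
```

On a real host, call `check_setup /etc/ssh/sshd_config /etc/snooptab` instead of the constructed files.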

Now you can use it:
#w
wlamagna pts/1 192.168.2.20 16:51 0.00s 1:42 0.01s login -- wlamagna

In another terminal, type this to snoop on terminal 1:
#ttysnoop 1

Now you are ready to use ttysnoop 🙂 Please leave a comment with your experiences.