Configure ttysnoop with SSH in Suse Or Redhat Linux

This time a nice administrator tool called TTYSNOOP, it permits to watch what other persons are doing in other terminals. Usefull for security people.

1) Download openssh from
2) Uncompress it
tar zxvf openssh-4.6p1.tar.gz
3) Compile it, you have to set the “login” program that ssh has to use !
cd openssh-4.6p1
export LOGIN_PROGRAM=”/sbin/foo_login”
cd openssh-4.6p1
./configure –prefix=/usr –sysconfdir=/etc/ssh –without-zlib-version-check –with-pam –with-tcp-wrappers
make install

4) Modify the sshd_config file, should be located in /etc/ssh/sshd_config and change these variables:
PasswordAuthentication yes
UseLogin yes

Compile ttysnoop
5) Download ttysnoop from
6) tar xzvf ttysnoop-0.12d.k26.tar.gz
7) cd ttysnoop-0.12d.k26
8) make
9) make install

10) Copy the new login from ttysnoop:
cp ttysnoops /sbin/foo_login
11) This directory is not created, you have to do it:
mkdir /var/spool/ttysnoop

12) copy snooptab.dist to /etc
cp snooptab.dist /etc/snooptab

13) Edit /etc/snooptab
Comment all lines except:
* socket login /bin/login

Now you can use it:
wlamagna pts/1 16:51 0.00s 1:42 0.01s login — wlamagna

In another terminal write this to snoop terminal 1.
#ttysnoop 1

Now you are ready to use ttysnoop 🙂 Please leave your comment with experiences.