A downloadable tool for Linux

This Bash script is a powerful, self-contained utility for system administrators to securely and temporarily monitor user sessions over SSH in real-time, directly from the command line.

Its primary purpose is to create a "look-over-the-shoulder" view of what a remote user is doing, as if you were watching their screen locally. The entire process is encapsulated in a single file that handles setup, execution, and, most importantly, automatic cleanup, ensuring the system is always returned to its normal state.

🧠 How It Works: A Three-Phase Process

The script operates in three distinct phases:

  1. Automated Setup Phase: When executed with sudo, the script immediately prepares the system for monitoring.
    • Creates a Backup: It first creates a timestamped backup of your current SSH server configuration (/etc/ssh/sshd_config), safeguarding your existing setup.
    • Generates a Helper Script: It dynamically creates a small helper script that forces any new SSH user into a shared terminal session.
    • Modifies SSH Configuration: It then temporarily appends a ForceCommand rule to the sshd_config. This rule intercepts incoming SSH connections (excluding the administrator running the script and the root user) and runs the helper script for them.
    • Applies Changes: Finally, it restarts the SSH service to make these new rules active.
  2. Live Monitoring Phase: After the setup is complete, the script launches the administrator directly into a new, full-screen tmux session.
    • This session acts as the viewing portal.
    • When a user connects via SSH, their session is not a standard shell but is instead mirrored directly into this tmux window for the administrator to see. By default, the SSH user is in a "read-only" mode, meaning they can see the terminal but not type commands, though this can be changed.
    • The script and the system then wait in this state, with the administrator watching the tmux window for any activity.
  3. Automatic Cleanup Phase: The script's most critical feature is its automatic cleanup.
    • Using a trap, the script ensures that as soon as the administrator exits the tmux viewing session (by typing exit or pressing Ctrl+D), a cleanup function is immediately and automatically triggered.
    • This function reverses all the changes made during setup: it restores the original SSH configuration from the backup and restarts the SSH service one last time.
    • This "failsafe" design guarantees that the temporary monitoring rules are removed and normal SSH access is restored for all users, even if the script is interrupted.

โš™๏ธ How to execute the script: 

  1. Save the Script: Save the code as monitor-ssh.sh.
  2. Make it Executable: chmod +x monitor-ssh.sh
  3. Run it with: sudo ./monitor-ssh.sh

Pre-requisites: 

sudo apt update && sudo apt install tmux


📜 – monitor-ssh.sh (nano monitor-ssh.sh)

#!/bin/bash
# A self-contained script to temporarily monitor SSH sessions.
# It sets up, launches a viewer, and cleans up automatically on exit.
# --- Configuration ---
# The user who is running the script, so we don't lock them out.
# This works even with sudo, getting the original user's name.
ADMIN_USER="${SUDO_USER:-$(whoami)}"
SESSION_NAME="ssh-monitor"
SSHD_CONFIG="/etc/ssh/sshd_config"
BACKUP_FILE="/etc/ssh/sshd_config.bak.$(date +%F-%T)"
HELPER_SCRIPT="/usr/local/bin/join-monitor-session.sh"
# --- Main Functions ---
# This function runs automatically when the script exits for any reason.
cleanup() {
  echo -e "\n\n[INFO] Exiting viewer... Cleaning up automatically."
  
  # 1. Remove the helper script so it cannot be run after monitoring ends
  rm -f "$HELPER_SCRIPT"
  # 2. Restore the original sshd_config from our backup
  if [ -f "$BACKUP_FILE" ]; then
    echo "[CLEANUP] Restoring SSH configuration from backup..."
    mv "$BACKUP_FILE" "$SSHD_CONFIG"
  else
    echo "[WARNING] No backup file found. Manual cleanup may be required."
  fi
  # 3. Restart the SSH service to apply the original config
  echo "[CLEANUP] Restarting SSH service to restore normal access..."
  systemctl restart sshd
  
  echo -e "\n✅ Monitoring deactivated. System is back to normal."
}
# --- Script Execution ---
# 1. Check for root privileges
if [[ $EUID -ne 0 ]]; then
   echo "❌ Error: This script must be run with sudo."
   exit 1
fi
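# 2. Set the trap to run our cleanup function on exit.
# cleanup is bound to EXIT only; INT and TERM just exit, so the EXIT trap
# runs cleanup exactly once instead of once per signal and again on exit.
trap cleanup EXIT
trap 'exit 1' INT TERM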
# 3. Create the helper script that incoming SSH users will be forced to run
cat <<EOF > "$HELPER_SCRIPT"
#!/bin/bash
if tmux has-session -t "$SESSION_NAME" 2>/dev/null; then
  # Attaches the SSH user as read-only. Remove '-r' to grant them control;
  # the session is started by this script as root, so that control is over a root shell.
  tmux attach-session -t "$SESSION_NAME" -r
else
  echo "Monitoring session is not active. Please contact an administrator."
  exit 1
fi
EOF
chmod +x "$HELPER_SCRIPT"
# 4. Backup and modify the SSH configuration
echo "[SETUP] Backing up current SSH config to $BACKUP_FILE..."
cp "$SSHD_CONFIG" "$BACKUP_FILE" || { echo "❌ Error: Failed to create backup. Aborting."; exit 1; }
echo "[SETUP] Modifying SSH config to activate monitoring..."
cat <<EOF >> "$SSHD_CONFIG"
# --- START DYNAMIC SSH MONITORING BLOCK ---
Match User *,!root,!$ADMIN_USER
    ForceCommand $HELPER_SCRIPT
# --- END DYNAMIC SSH MONITORING BLOCK ---
EOF
# 5. Restart SSH to apply the new monitoring config
echo "[SETUP] Restarting SSH service..."
# On failure just exit: the EXIT trap runs cleanup, which restores the backup.
systemctl restart sshd || { echo "❌ Error: Failed to restart sshd. Restoring from backup."; exit 1; }
# 6. Launch the viewer
echo -e "\n✅ Setup complete. Launching monitoring session..."
echo "--------------------------------------------------------"
echo "You are now in the live viewing terminal."
echo "Any new SSH logins (except yours) will appear here."
echo "To stop monitoring, simply exit this session (type 'exit' or press Ctrl+D)."
echo "--------------------------------------------------------"
sleep 2 # Give user time to read the message
# This command starts tmux and hands control to the user.
# The script will pause here until tmux is closed.
tmux new-session -s "$SESSION_NAME"
# Once the tmux session is exited, the script continues.
# The 'trap' we set earlier will then immediately call the cleanup function.
exit 0
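
A trap cannot run if the script is ended by SIGKILL or the host goes down mid-session, and in that case the Match/ForceCommand block stays in sshd_config. The following is an added example, not part of monitor-ssh.sh or the author's code: it detects and removes a leftover block using the START/END marker lines the script writes. The function names and the optional check command are assumptions, and the sample config (with user alice) is constructed.

```bash
#!/bin/bash
# Added example, not part of monitor-ssh.sh: detect and remove a monitoring
# block left in sshd_config when the cleanup trap never ran.
START_MARK='# --- START DYNAMIC SSH MONITORING BLOCK ---'
END_MARK='# --- END DYNAMIC SSH MONITORING BLOCK ---'

# Status 0 if FILE contains the start marker as a whole line.
has_monitor_block() {
  grep -qxF -e "$START_MARK" "$1"
}

# Print FILE without the marker-delimited block(s). Status 2 if a start
# marker has no end marker, so a truncated block is never "fixed" by
# silently dropping the rest of the config.
strip_monitor_block() {
  awk -v s="$START_MARK" -v e="$END_MARK" '
    $0 == s          { inblk = 1; next }
    inblk && $0 == e { inblk = 0; next }
    !inblk           { print }
    END              { if (inblk) exit 2 }
  ' "$1"
}

# Rewrite FILE in place. CHECK (assumption: a command that takes the
# candidate file as its last argument, e.g. "sshd -t -f") must accept the
# stripped config first. Status: 0 removed, 1 nothing found, 2 refused.
remove_stale_block() {
  rsb_file=$1; rsb_check=${2:-true}
  has_monitor_block "$rsb_file" || return 1
  rsb_tmp=$(mktemp "${rsb_file}.XXXXXX") || return 2
  if strip_monitor_block "$rsb_file" > "$rsb_tmp" && $rsb_check "$rsb_tmp"; then
    cat "$rsb_tmp" > "$rsb_file"   # cat keeps FILE's owner and mode
    rm -f "$rsb_tmp"
  else
    rm -f "$rsb_tmp"; return 2
  fi
}

# Constructed sample: a config as the script leaves it while monitoring.
write_sample_config() {
  printf '%s\n' 'Port 22' 'PermitRootLogin no' "$START_MARK" \
    'Match User *,!root,!alice' \
    '    ForceCommand /usr/local/bin/join-monitor-session.sh' \
    "$END_MARK" > "$1"
}
```

On a real host, run it as root with the config test as the check, for example remove_stale_block /etc/ssh/sshd_config "sshd -t -f", then restart the SSH service.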

Ethical Considerations ⚠️

Remember, monitoring user sessions is a significant invasion of privacy. In a professional or multi-user environment, you must:

  • Get Authorization: Ensure you have explicit permission to monitor sessions.
  • Inform Users: Notify users that their sessions may be monitored for security or administrative purposes, often through a login banner (Banner directive in /etc/ssh/sshd_config). Check your local laws and company policies.

Published: 2 days ago
Status: In development
Category: Tool
Platforms: Linux
Author: Lachie1999 💾
Tags: bash, linux, script, ssh
