💻 Live SSH Monitoring
A downloadable tool for Linux
This Bash script is a powerful, self-contained utility for system administrators to securely and temporarily monitor user sessions over SSH in real-time, directly from the command line.
Its primary purpose is to create a "look-over-the-shoulder" view of what a remote user is doing, as if you were watching their screen locally. The entire process is encapsulated in a single file that handles setup, execution, and, most importantly, automatic cleanup, ensuring the system is always returned to its normal state.
How It Works: A Three-Phase Process
The script operates in three distinct phases:
- Automated Setup Phase: When executed with `sudo`, the script immediately prepares the system for monitoring.
  - Creates a Backup: It first creates a timestamped backup of your current SSH server configuration (`/etc/ssh/sshd_config`), safeguarding your existing setup.
  - Generates a Helper Script: It dynamically creates a small helper script that forces any new SSH user into a shared terminal session.
  - Modifies SSH Configuration: It then temporarily appends a `ForceCommand` rule to the `sshd_config`. This rule intercepts incoming SSH connections (excluding the administrator running the script and the root user) and runs the helper script for them.
  - Applies Changes: Finally, it restarts the SSH service to make these new rules active.
- Live Monitoring Phase: After the setup is complete, the script launches the administrator directly into a new, full-screen `tmux` session.
  - This session acts as the viewing portal.
  - When a user connects via SSH, their session is not a standard shell but is instead mirrored directly into this `tmux` window for the administrator to see. By default, the SSH user is in a "read-only" mode, meaning they can see the terminal but not type commands, though this can be changed.
  - The script and the system then wait in this state, with the administrator watching the `tmux` window for any activity.
- Automatic Cleanup Phase: The script's most critical feature is its automatic cleanup.
  - Using a `trap`, the script ensures that as soon as the administrator exits the `tmux` viewing session (by typing `exit` or pressing `Ctrl+D`), a cleanup function is immediately and automatically triggered.
  - This function reverses all the changes made during setup: it restores the original SSH configuration from the backup and restarts the SSH service one last time.
  - This "failsafe" design guarantees that the temporary monitoring rules are removed and normal SSH access is restored for all users, even if the script is interrupted.
⚙️ How to execute the script:
- Save the Script: Save the code in a file named `monitor-ssh.sh`.
- Make it Executable: `chmod +x monitor-ssh.sh`
- Run it with: `sudo ./monitor-ssh.sh`
Pre-requisites:
sudo apt update && sudo apt install tmux
monitor-ssh.sh (nano monitor-ssh.sh)
```bash
#!/bin/bash
# A self-contained script to temporarily monitor SSH sessions.
# It sets up, launches a viewer, and cleans up automatically on exit.

# --- Configuration ---
# The user who is running the script, so we don't lock them out.
# This works even with sudo, getting the original user's name.
ADMIN_USER="${SUDO_USER:-$(whoami)}"
SESSION_NAME="ssh-monitor"
SSHD_CONFIG="/etc/ssh/sshd_config"
BACKUP_FILE="/etc/ssh/sshd_config.bak.$(date +%F-%T)"
HELPER_SCRIPT="/usr/local/bin/join-monitor-session.sh"

# --- Main Functions ---
# This function runs automatically when the script exits for any reason.
cleanup() {
    echo -e "\n\n[INFO] Exiting viewer... Cleaning up automatically."

    # 1. Remove the helper script in case it's lingering
    rm -f "$HELPER_SCRIPT"

    # 2. Restore the original sshd_config from our backup
    if [ -f "$BACKUP_FILE" ]; then
        echo "[CLEANUP] Restoring SSH configuration from backup..."
        mv "$BACKUP_FILE" "$SSHD_CONFIG"
    else
        echo "[WARNING] No backup file found. Manual cleanup may be required."
    fi

    # 3. Restart the SSH service to apply the original config
    echo "[CLEANUP] Restarting SSH service to restore normal access..."
    systemctl restart sshd
    echo -e "\n✅ Monitoring deactivated. System is back to normal."
}

# --- Script Execution ---
# 1. Check for root privileges
if [[ $EUID -ne 0 ]]; then
    echo "❌ Error: This script must be run with sudo."
    exit 1
fi

# 2. Set the trap to run our cleanup function on exit.
#    Signals are turned into a normal exit so cleanup runs exactly once
#    and the script does not carry on after an interrupt.
trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

# 3. Create the helper script that incoming SSH users will be forced to run.
#    NOTE: the helper runs as the connecting user, and tmux uses a per-user
#    server socket by default, so it only finds a session that lives on a
#    socket that user can reach.
cat <<EOF > "$HELPER_SCRIPT"
#!/bin/bash
if tmux has-session -t "$SESSION_NAME" 2>/dev/null; then
    # Attaches the SSH user as read-only. Remove '-r' to grant them control.
    tmux attach-session -t "$SESSION_NAME" -r
else
    echo "Monitoring session is not active. Please contact an administrator."
    exit 1
fi
EOF
chmod +x "$HELPER_SCRIPT"

# 4. Backup and modify the SSH configuration
echo "[SETUP] Backing up current SSH config to $BACKUP_FILE..."
cp -p "$SSHD_CONFIG" "$BACKUP_FILE" || { echo "❌ Error: Failed to create backup. Aborting."; exit 1; }

echo "[SETUP] Modifying SSH config to activate monitoring..."
cat <<EOF >> "$SSHD_CONFIG"

# --- START DYNAMIC SSH MONITORING BLOCK ---
Match User *,!root,!$ADMIN_USER
    ForceCommand $HELPER_SCRIPT
# --- END DYNAMIC SSH MONITORING BLOCK ---
EOF

# 5. Restart SSH to apply the new monitoring config.
#    On failure, exiting fires the EXIT trap, which restores the backup.
echo "[SETUP] Restarting SSH service..."
systemctl restart sshd || { echo "❌ Error: Failed to restart sshd. Restoring from backup."; exit 1; }

# 6. Launch the viewer
echo -e "\n✅ Setup complete. Launching monitoring session..."
echo "--------------------------------------------------------"
echo "You are now in the live viewing terminal."
echo "Any new SSH logins (except yours) will appear here."
echo "To stop monitoring, simply exit this session (type 'exit' or press Ctrl+D)."
echo "--------------------------------------------------------"
sleep 2 # Give user time to read the message

# This command starts tmux and hands control to the user.
# The script will pause here until tmux is closed.
tmux new-session -s "$SESSION_NAME"

# Once the tmux session is exited, the script continues.
# The 'trap' we set earlier will then immediately call the cleanup function.
exit 0
```
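When cleanup finds no backup, the script only warns that manual cleanup may be required. The sketch below is an added example, not part of the author's script: it checks a config file for the marker-delimited block the script appends and strips it. The function names and the sample config (including the admin user "alice") are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from monitor-ssh.sh): find and strip the block the
# script appends, using the START/END marker comments shown on this page.
START_MARK='# --- START DYNAMIC SSH MONITORING BLOCK ---'
END_MARK='# --- END DYNAMIC SSH MONITORING BLOCK ---'

# Succeeds if the file still carries the monitoring block's start marker.
has_monitor_block() {
    grep -qF -- "$START_MARK" "$1"
}

# Print active (uncommented) Match/ForceCommand lines with line numbers.
list_forced() {
    grep -nEi '^[[:space:]]*(Match|ForceCommand)[[:space:]]' "$1"
}

# Print the config without the marker-delimited block. Returns 1 when a
# start marker has no end marker; callers must discard the output then,
# because everything after the start marker has been dropped.
strip_monitor_block() {
    awk -v s="$START_MARK" -v e="$END_MARK" '
        { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }
        line == s          { inblk = 1; next }
        line == e && inblk { inblk = 0; next }
        !inblk             { print }
        END                { exit (inblk ? 1 : 0) }
    ' "$1"
}

# Constructed sample config; "alice" is a hypothetical admin user.
make_sample() {
    cat <<EOF
# constructed sample sshd_config
Port 22
PasswordAuthentication no
$START_MARK
Match User *,!root,!alice
    ForceCommand /usr/local/bin/join-monitor-session.sh
$END_MARK
EOF
}
```

Write the stripped output to a temporary file and validate it with `sshd -t -f <file>` before replacing the live config and restarting the service.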
Ethical Considerations ⚠️
Remember, monitoring user sessions is a significant invasion of privacy. In a professional or multi-user environment, you must:
- Get Authorization: Ensure you have explicit permission to monitor sessions.
- Inform Users: Notify users that their sessions may be monitored for security or administrative purposes, often through a login banner (`Banner` directive in `/etc/ssh/sshd_config`). Check your local laws and company policies.
Published | 2 days ago |
Status | In development |
Category | Tool |
Platforms | Linux |
Author | Lachie1999 👾 |
Tags | bash, linux, script, ssh |