Instrumented SSH
NERSC recently undertook a project to access and analyze Secure Shell (SSH) related data. This includes authentication data such as user names and key fingerprints, interactive session data such as keystrokes and responses, and information about noninteractive sessions such as commands executed and files transferred. Historically, this data has been inaccessible with traditional network monitoring techniques, but with a modification to the SSH daemon, this data can be passed directly to intrusion detection systems for analysis. The instrumented version of SSH is now running on all NERSC production systems. This paper describes the project, details about how SSH was instrumented, and the initial results of putting this in production.
- Research Organization:
- Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)
- Sponsoring Organization:
- National Energy Research Scientific Computing Division
- DOE Contract Number:
- DE-AC02-05CH11231
- OSTI ID:
- 960441
- Report Number(s):
- LBNL-1941E; TRN: US200923%%498
- Country of Publication:
- United States
- Language:
- English
Similar Records
iSSH v. Auditd: Intrusion Detection in High Performance Computing
Detecting and Blocking Network Attacks at Ultra High Speeds