OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Instrumented SSH

Abstract

NERSC recently undertook a project to access and analyze Secure Shell (SSH) related data. This includes authentication data such as user names and key fingerprints, interactive session data such as keystrokes and responses, and information about noninteractive sessions such as commands executed and files transferred. Historically, this data has been inaccessible with traditional network monitoring techniques, but with a modification to the SSH daemon, this data can be passed directly to intrusion detection systems for analysis. The instrumented version of SSH is now running on all NERSC production systems. This paper describes the project, details about how SSH was instrumented, and the initial results of putting this in production.

Authors:
Campbell, Scott
Publication Date:
2009-05-27
Research Org.:
Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)
Sponsoring Org.:
National Energy Research Scientific Computing Division
OSTI Identifier:
960441
Report Number(s):
LBNL-1941E
TRN: US200923%%498
DOE Contract Number:  
DE-AC02-05CH11231
Resource Type:
Technical Report
Country of Publication:
United States
Language:
English
Subject:
97; INTRUSION DETECTION SYSTEMS; MODIFICATIONS; MONITORING; PRODUCTION; Computer Security

Citation Formats

Campbell, Scott. Instrumented SSH. United States: N. p., 2009. Web. doi:10.2172/960441.
Campbell, Scott. Instrumented SSH. United States. doi:10.2172/960441.
Campbell, Scott. 2009. "Instrumented SSH". United States. doi:10.2172/960441. https://www.osti.gov/servlets/purl/960441.
@article{osti_960441,
title = {Instrumented SSH},
author = {Campbell, Scott},
abstractNote = {NERSC recently undertook a project to access and analyze Secure Shell (SSH) related data. This includes authentication data such as user names and key fingerprints, interactive session data such as keystrokes and responses, and information about noninteractive sessions such as commands executed and files transferred. Historically, this data has been inaccessible with traditional network monitoring techniques, but with a modification to the SSH daemon, this data can be passed directly to intrusion detection systems for analysis. The instrumented version of SSH is now running on all NERSC production systems. This paper describes the project, details about how SSH was instrumented, and the initial results of putting this in production.},
doi = {10.2172/960441},
place = {United States},
year = {2009},
month = {May}
}
