skip to main content

Title: Instrumented SSH

NERSC recently undertook a project to access and analyze Secure Shell (SSH) related data. This includes authentication data such as user names and key fingerprints, interactive session data such as keystrokes and responses, and information about noninteractive sessions such as commands executed and files transferred. Historically, this data has been inaccessible with traditional network monitoring techniques, but with a modification to the SSH daemon, this data can be passed directly to intrusion detection systems for analysis. The instrumented version of SSH is now running on all NERSC production systems. This paper describes the project, details about how SSH was instrumented, and the initial results of putting this in production.
Authors:
;
Publication Date:
OSTI Identifier:
960441
Report Number(s):
LBNL-1941E
TRN: US200923%%498
DOE Contract Number:
DE-AC02-05CH11231
Resource Type:
Technical Report
Research Org:
Ernest Orlando Lawrence Berkeley National Laboratory, Berkeley, CA (US)
Sponsoring Org:
National Energy Research Scientific Computing Division
Country of Publication:
United States
Language:
English
Subject:
97; INTRUSION DETECTION SYSTEMS; MODIFICATIONS; MONITORING; PRODUCTION Computer Security