Sometimes it is useful to record every command that executed by remote ssh. Administrators can use those records to audit system security issues. This post is used to configure ssh and .bash_history, then commands that executed by remote ssh can be recorded in .bash_history in dedicated format.

1. Configure /etc/ssh/sshd_config

  • Add below command to /etc/ssh/sshd_config
ForceCommand if [[ -z $SSH_ORIGINAL_COMMAND ]]; then bash; else printf "$SSH_ORIGINAL_COMMAND\n" >> .bash_history; bash -c "$SSH_ORIGINAL_COMMAND"; fi
  • Restart sshd service
systemctl restart sshd

2. Configure .bash_history

  • Add below configurations to /etc/bashrc
export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "
export HISTSIZE=10000
export HISTFILESIZE=10000

References

Logging ssh remote commands to bash_history
7 Tips – Tuning Command Line History in Bash