Record SSH Sessions

There are times when it’s not enough to have metadata of what somebody did in an SSH session. Finding the root cause of an issue by sorting through audit logs takes time and doesn’t guarantee you’ll figure exactly what went wrong. It’s like looking at footprints to figure out what someone did and where they went. This is where full recording of SSH session becomes indispensable.

Privileged session recording, or SSH session recording, means recording the user’s actual screen during their SSH session for real-time or later playback. If audit logging is akin to tracking footprints to learn what someone did, session recording is like having security surveillance that you could watch live or replay later.

Analysts and research companies advise security and infrastructure leaders to deploy SSH session recording solutions as soon as possible for the following reasons:

Secure low-level root infrastructure. Having video recording of raw shell sessions, in addition to logs and metadata, helps find the root cause of alerts and issues so they can be fixed faster. Live session viewing lets you watch SSH sessions and stop suspicious or wrongful activity in its tracks.

Meet security compliance requirements. Some organizations are beginning to require that all privileged (SSH) sessions not only be logged but also recorded, along with metadata that proves precisely which employee viewed what data. Capturing forensic-level detail of low-level access to infrastructure has even become a key ingredient to legally processing end-user data like cookies or web server logs.

Reduce operational overhead. When something goes wrong in the system it’s not always because of a security issue. More often than not it’s caused by a mistake by someone on the team. Finding out who caused it and what exactly went wrong is easy when you can just watch a video of the session in question. And recording SSH sessions, even sessions coming from SSH-integrated tools like database interfaces or integrated development environments, can be easily done.

Training and knowledge sharing. New engineers can watch replays of live SSH sessions to learn faster, make fewer mistakes and more quickly gain the confidence of their peers and senior leads.

Visibility in the system. If you’re responsible for the organization’s engineering infrastructure, you just want to see who’s running SSH sessions and what they’re doing, without relying solely on logs and what people tell you.

Sharing Sessions Activity in Real Time

Beyond replaying SSH sessions, there are good reasons to be able to view and share SSH sessions in real-time. From a security perspective, you can watch suspicious activity and stop it in its tracks, or shadow individuals as they perform sensitive work on secure servers — the “four eyes” principle. From a collaboration and training perspective, you can invite a team member to a live SSH session so you could troubleshoot a problem together or conduct training.

Recording SSH sessions is painless with Teleport

Complete session logging and recording, including metadata and user identities, across entire clusters. Keep the full recordings of all interactive SSH sessions within any region or datacenter topology, from spot instances on modern clouds to old servers buried in phone closests. Teleport automatically records and stores all SSH sessions on the nearest bastion or “admin box” without requiring complicated client configuration. Recorded sessions can be replayed via command line interface or via web-based player.

Separation between the privileged session and its recording. The session recording is encrypted, compressed and stored in a separate server from where the privileged session occurred, so it can’t be tampered with.

Real-time session monitoring and sharing. Invite others to watch your SSH session by entering a URL in their browser or a session ID in their terminal. View documentation for sharing SSH sessions.

Teleport Enterprise is built around the open-source core, with the added benefits of role-based access control (RBAC) and enterprise single sign-on (SSO). It is for organizations that need to secure critical production infrastructure and meet compliance and audit requirements.

Teleport Enterprise is trusted by some of the largest enterprises in software, finance, healthcare, manufacturing, IT, security, telecom, government, and other industries.

Talk to a sales engineer

Teleport Community

Teleport Community provides modern SSH best practices of out of the box for managing elastic infrastructure. Teleport Community is open-source software that anyone can download and install for free.

Download Teleport Community

Get In Touch

Locations

  • North America

    Oakland, CA - USA
    Toronto, Ontario - Canada
  • Europe

    Munich, Germany

Additional Information