Enable SSH session recording in CentOS 8

2 min read

CentOS 8 has been released and it includes some really amazing features. One feature that many security admins will greatly appreciate is session recording. With this feature, CentOS will record any/all SSH sessions, which includes all of the user activity that occurs during the session. Once recorded, videos of these sessions can be played back by any admin with a Cockpit login.

What you’ll need

To make this work, you’ll need the following:

  • A running instance of CentOS 8
  • A running instance of Cockpit
  • A user with sudo privileges

How to enable Cockpit

In order to enable Cockpit, log onto your CentOS 8 server. From the terminal prompt, issue the command:

sudo systemctl enable --now cockpit.socket

You will be prompted for your sudo password. Once you’ve typed that password, hit Enter and Cockpit is enabled and ready to work.

How to access Cockpit

With Cockpit enabled, open a web browser on a machine that has access to the CentOS 8 server and point it to https://SERVER_IP:9090. You will then be prompted for admin credentials.

Created with GIMP

How to install necessary packages

Before that first session can be recorded, there are a few packages that must be installed. Open a terminal window and issue the following commands:

sudo dnf install tlog
sudo dnf install sssd
sudo dnf install cockpit-session-recording
sudo dnf install systemd-journal-remote

And that’s all there is to the installation. At this point, whenever someone logs into the CentOS 8 server, they will be warned that the session is being recorded.

How to view sessions from Cockpit

Fire up a web browser and point it to https://SERVER_IP:9090 (where SERVER_IP is the IP address of your CentOS 8 server). Log in as an admin user and then click on Session Recording in the left navigation. 

In the resulting window, you’ll see all SSH logins since recording was enabled.

If you click on any one of those sessions, you can then click the associated play button to play back their sessions.

Created with GIMP

And that’s all there is to it. You can now view recordings of everything SSH users have done once they’ve logged onto your CentOS 8 server. But don’t worry if the video is hard to follow. Below the player the entire log of the session will print out as the video plays. You can even search the log for specific entries and the results will appear in the log window as well as timestamps for the video.

Without a doubt, this is a feature every security admin will want to have on their servers.

We want to hear your thoughts about this. Is there anything in particular that you love about it? What can we do to improve our services and experience? Leave a comment below or open a ticket on our helpdesk and we’ll personally review all suggestions and feedback. 

About Servercheap.NET

Since it was founded in 2015, Servercheap has always strived to provide its clients with enterprise-level performance at an unbeatable cost. Servercheap offers a wide range of customizable hybrid and virtual private server hosting services. All Servercheap clients enjoy a 99.9% uptime SLA and 24/7 rapid response support team.
At Servercheap, our core directive has always been to provide our clients with the best services and infrastructure possible, whether you’re hosting a game server, a high-intensity database, a development environment, or anything in-between.
For more information, visit https://www.servercheap.net

Leave a Reply

Your email address will not be published. Required fields are marked *