SSH session logging / recording

If you want to implement a simple server-side SSH session logging, follow these simple steps.

“script” command can be used to log user activity. Then, we can send the session as email to several recipients, and remove the log file.

Add this to user’s .bash_profile file, or simply construct something similar:

CURDATE=$(date +%F-%T)
script -f -q /tmp/session-$USER-$CURDATE-$RAND.log
for EMAIL in $EMAILS; do
    cat "/tmp/session-$USER-$CURDATE-$RAND.log" | mail -s "SSH session transcript for $USER at $CURDATE" $EMAIL
rm -f /tmp/session-$USER-$CURDATE-$RAND.log


  • don’t assume it to be any security feature: the log file can be easily manipulated or removed by the user, a different shell can be used, etc.,
  • sending an email may not be a good idea if you expect lots of output (i.e. cat /dev/urandom).