from Hacker News

Session recording for Tailscale SSH in beta

by geoffeg on 5/11/23, 5:49 PM with 32 comments

  • by teeray on 5/12/23, 3:41 AM

    Many folks don’t realize it, but sudo offers a sudoreplay[0] to do something similar. Obviously this won’t cover things they do outside of a sudo session, but you could construct permissions on the machine such that you would require them to use it for things you care about.

    This isn’t to trivialize the work of Tailscale (like the famous Dropbox comment). I just wanted to point out a cool thing that sudo does that most people don’t know about.

    [0] https://www.sudo.ws/docs/man/1.8.13/sudoreplay.man/

  • by tptacek on 5/11/23, 8:55 PM

    This is a deceptively valuable feature for regulated/compliance-trained companies, because a lot of things you want a detailed audit trail for are accessed via shells (most notably: the consoles for app frameworks).

  • by blueflow on 5/11/23, 10:18 PM

    I use script(1) daily for creating papertrails:

      script -ec "command args" ~/$(date +%Y-%m-%d-%H%M%S_$$_script.txt)
    
    Works out of the box on almost every *nix system.

    The recordings end up as text files with the control sequences in; you can use commands like cat -v, grep or less -R on them. If you also record a timing file, you can replay it 1:1 on your terminal.
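
Added example, not part of the thread: because script(1) recordings keep the terminal control sequences, a plain grep can miss commands that were edited while typing or lines that a progress bar overwrote. This Python sketch renders a typescript into clean, searchable lines; the function names are hypothetical and the sample recording is constructed.

```python
import re

# Erase-to-end-of-line (ESC[K): shells emit it when a typed character is deleted.
ERASE = re.compile(r"\x1b\[0?K")
# CSI (colors, cursor moves), OSC (window titles), then other two-byte escapes.
ANSI = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"
    r"|\x1b[0-Z\\-~]"
)

def render_line(raw: str) -> str:
    """Return what one recorded line looked like on screen."""
    cells, col = [], 0
    for ch in ANSI.sub("", ERASE.sub("\x00", raw)):
        if ch == "\x00":        # erase marker: drop everything from the cursor on
            del cells[col:]
        elif ch == "\b":        # backspace moves the cursor left
            col = max(col - 1, 0)
        elif ch == "\r":        # carriage return: progress bars overwrite the line
            col = 0
        elif ch >= " " or ch == "\t":
            if col < len(cells):
                cells[col] = ch
            else:
                cells.append(ch)
            col += 1
    return "".join(cells).rstrip()

def searchable_text(typescript: str) -> list[str]:
    """Rendered, non-empty lines of a recording, without script's header/footer."""
    lines = []
    for raw in typescript.split("\n"):
        if raw.startswith(("Script started on ", "Script done on ")):
            continue
        text = render_line(raw)
        if text:
            lines.append(text)
    return lines

# Constructed sample recording (not captured from a real host).
SAMPLE = (
    'Script started on 2023-05-12 10:00:00+00:00 [TERM="xterm-256color"]\n'
    "\x1b]0;user@host: ~\x07\x1b[01;32muser@host\x1b[00m:~$ lss\b\x1b[K -la /etc/ssh\r\n"
    "total 12\r\n"
    "Downloading  10%\rDownloading 100%\r\n"
    '\nScript done on 2023-05-12 10:00:05+00:00 [COMMAND_EXIT_CODE="0"]\n'
)

if __name__ == "__main__":
    print("\n".join(searchable_text(SAMPLE)))
```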

  • by matthewaveryusa on 5/11/23, 8:49 PM

    A very valid use-case not mentioned in the article is to save all your personal terminal interactions to a database so you can search it in the future. Your terminal's input (and output) value per byte is enormous so really everyone should be saving it all.

    I'll be horsing around with this tonight -- I hope ts sshing to my local computer will just work so I can get local recording as well without a separate mechanism.

  • by pelagicAustral on 5/11/23, 11:03 PM

    Maybe slightly off-topic, but does anybody here know how to record an (or any) SSH session(s)? On a Debian server, for example?

    I remember seeing someone do a demo on this but the results, after only 2 minutes, were insane. There was so much data to go through that you might as well just give up on trying to get anything useful.

  • by rastignack on 5/12/23, 9:20 AM

    Looks nice.

    However, if I scp a script to an audited server, then execute it, would I be able to retrieve the content of the script to have a proper audit trail?

    In other words, is the file transfer protocol audited?

  • by theossuary on 5/12/23, 3:42 PM

    Semi-related, does anyone else feel that the higher tier of Tailscale is priced crazy high? I was investigating Tailscale for a company and was really sold until I realized we needed SSH logins and that'd cost $18/user. That seems crazy expensive to me. I'd really expected it to be closer to $10/user. Am I crazy? Is this the cost of VPN + basic access control these days?

  • by jgalt212 on 5/12/23, 12:43 AM

    This seems pretty nice, but having too many logs is yet another attack surface.