Recording SSH Sessions with Asciinema

Overview

Here are three approaches to record SSH sessions made to your machine using asciinema, from simple to robust:

Approach 1: Basic .bashrc Method

Add asciinema recording to users' .bashrc files:

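# Start recording unless this shell is already inside an asciinema session
# (asciinema sets ASCIINEMA_REC in the shells it records)
if [[ -z "$ASCIINEMA_REC" ]]; then
    SESSION_ID="$(whoami)-$(date +%Y%m%d%H%M%S)-$$"
    # exec replaces the login shell, so the SSH session ends when the recording ends
    exec asciinema rec -q "/var/ssh-recordings/${SESSION_ID}.cast"
fi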

Pros: Simple to implement
Cons: Won't capture non-interactive sessions, SFTP fails, users can bypass

Approach 2: ForceCommand Method

Create a wrapper script that SSH ForceCommand executes:

  1. Create recording wrapper script at /usr/local/bin/ssh-recorder
  2. Configure SSH to use ForceCommand in /etc/ssh/sshd_config
  3. Handle both interactive and non-interactive sessions

Approach 3: Profile.d System-wide Method

Create a system-wide recording script in /etc/profile.d/

Implementation Steps

1. Create secure recording directory

sudo mkdir -p /var/ssh-recordings
sudo chmod 700 /var/ssh-recordings

2. Install asciinema

sudo apt-get update
sudo apt-get install asciinema

3. Create recording wrapper script

  • Handle SSH_ORIGINAL_COMMAND for non-interactive sessions
  • Start asciinema with appropriate filename
  • Ensure proper permissions (root-only access)

4. Configure SSH (for ForceCommand approach)

  • Edit /etc/ssh/sshd_config
  • Add ForceCommand directive
  • Restart SSH service

5. Set up cronjob for uploads

  • Create script to upload recordings to remote server
  • Add to root's crontab
  • Clean up old recordings after successful upload

6. Test the setup

  • Test interactive SSH sessions
  • Test non-interactive commands
  • Verify SFTP still works
  • Check recording permissions
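
The wrapper from steps 3 and 4, as an added example that is not part of the original guide: it records sessions that have a terminal, hands the SFTP subsystem through untouched, and runs commands without a terminal (scp, rsync, piped data) unrecorded while logging their command line to syslog, because pushing a binary stream through a pty would corrupt it. Assumptions: the function names, the Debian/Ubuntu sftp-server path, the logger call, and a recording directory writable by the login account, since ForceCommand runs as that user rather than as root.

```shell
#!/bin/bash
# Added example: hypothetical body for /usr/local/bin/ssh-recorder, invoked by
#   ForceCommand /usr/local/bin/ssh-recorder      (in /etc/ssh/sshd_config)
REC_DIR="${REC_DIR:-/var/ssh-recordings}"
# Assumption: Debian/Ubuntu path of the external SFTP server binary.
SFTP_SERVER="${SFTP_SERVER:-/usr/lib/openssh/sftp-server}"

# classify_session CMD HAS_TTY -> sftp | record | passthrough
classify_session() {
    case "$1" in
        internal-sftp|internal-sftp\ *|"$SFTP_SERVER"|"$SFTP_SERVER"\ *) echo sftp ;;
        *) if [ "$2" = yes ]; then echo record; else echo passthrough; fi ;;
    esac
}

# cast_path USER TIMESTAMP PID -> recording file path (same scheme as Approach 1)
cast_path() { printf '%s/%s-%s-%s.cast\n' "$REC_DIR" "$1" "$2" "$3"; }

main() {
    cmd="${SSH_ORIGINAL_COMMAND:-}"; tty=no
    if [ -t 0 ]; then tty=yes; fi
    umask 077    # recordings readable by their owner only
    file="$(cast_path "$(id -un)" "$(date +%Y%m%d%H%M%S)" "$$")"
    case "$(classify_session "$cmd" "$tty")" in
        sftp)   exec "$SFTP_SERVER" ;;
        record) # interactive login, or a command run with a terminal (ssh -t host cmd)
                exec asciinema rec -q -c "${cmd:-$SHELL -l}" "$file" ;;
        passthrough) # no terminal: keep the byte stream intact, log the command line
                logger -t ssh-recorder "user=$(id -un) from=${SSH_CONNECTION%% *} cmd=${cmd:-<shell>}"
                if [ -n "$cmd" ]; then exec "$SHELL" -c "$cmd"; else exec "$SHELL" -l; fi ;;
    esac
}

# sshd sets SSH_CONNECTION for every session; do nothing when run outside sshd.
if [ -n "${SSH_CONNECTION:-}" ]; then main; fi
```

After editing sshd_config, validate it with `sshd -t` before restarting the service, and keep an existing session open while testing so a broken wrapper cannot lock you out.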