Skip to content
/ ssh-watcher Public

A real-time SSH session watcher that monitors logins, detects anomalies, and alerts on suspicious activity.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MayankMadan97/ssh-watcher

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
ssh-watcher
ssh-watcher
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

ssh-watcher

A real-time SSH session watcher that monitors logins, detects anomalies, and alerts on suspicious activity.

🧪 SSH Watcher Test Bed Setup

This guide walks you through setting up a lightweight, SSH-enabled Docker container to simulate SSH activity for development or testing purposes.

🚀 1. Run an SSH-Enabled Docker Container

docker run -d -P --name ssh-test rastasheep/ubuntu-sshd:latest
  • -d – Run container in detached mode
  • -P – Map container’s ports to random ports on the host
  • --name ssh-test – Assign a name to the container
  • rastasheep/ubuntu-sshd:latest – Lightweight SSH-enabled image

🔍 2. Lookup Port Mapped to Host

docker port ssh-test 22
  • This shows the random host port mapped to the container’s port 22 (SSH).

🔑 3. SSH into the Container

Once you know the host port (say 49154), connect using:

ssh root@localhost -p <port-number>
## Example:
ssh root@localhost -p 49154

The default root password is usually root (unless changed).

📄 4. Check for SSH Logs

To check logs:

docker exec -it ssh-test bash
  • Opens an interactive bash shell in the container.

Look for the authentication log:

cat /var/log/auth.log

If not found, follow the steps below to enable logging.

⚙️ Enable Logging Inside the Container

Update & Upgrade System

apt update
apt upgrade
  • apt update – Fetches latest package info
  • apt upgrade – Safely upgrades installed packages (skips if dependencies need to be added/removed)

To perform a full upgrade:

apt full-upgrade

Install Rsyslog (System Logging Daemon)

apt install rsyslog -y
  • -y – Automatically confirms all prompts

Start Rsyslog Service

service rsyslog start

✅ Verify Rsyslog Is Running

ps aux | grep rsyslog
  • ps – Process snapshot
  • a – Show processes for all users
  • u – Show user who owns the process
  • x – Include processes not attached to a terminal
  • grep – Pattern match for rsyslog

🔐 5. (Optional) Setup SSH Key-Based Authentication

Using key-based authentication is:

  • More secure than password-based login
  • Ideal for scripting and automated testing
  • Recommended for production-like simulations

About

A real-time SSH session watcher that monitors logins, detects anomalies, and alerts on suspicious activity.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages