Debian – Prevent logging and deleting SSH commands
To log SSH commands via the shell and prevent the history from being emptied, we can use a few small tricks. Of course, these settings can be removed again as root (if the other root user knows this).
First we open the configuration file
nano /root/.bashrc
and add the following lines:
shopt -s histappend
HISTSIZE=10000
HISTFILESIZE=20000
alias history='history_check'
history_check() {
if [ "$(whoami)" = "root" ]; then
echo "Blocked: history -c is not allowed for root"
else
builtin history "$@"
fi
}
We then save the file and clear the history with
history -c
Then we reload the configuration to prevent it from being emptied in the future:
source /root/.bashrc
Note: To view the history later, the alias must be deleted, the configuration reloaded and the connection re-established via SSH.