Debian – Prevent logging and deleting SSH commands

Debian – Prevent logging and deleting SSH commands

To log SSH commands via the shell and prevent the history from being emptied, we can use a few small tricks. Of course, these settings can be removed again as root (if the other root user knows this).

First we open the configuration file

nano /root/.bashrc

and add the following lines:


shopt -s histappend
HISTSIZE=10000
HISTFILESIZE=20000
alias history='history_check'
history_check() {
 if [ "$(whoami)" = "root" ]; then
 echo "Blocked: history -c is not allowed for root"
 else
 builtin history "$@"
 fi
}

We then save the file and clear the history with

history -c

Then we reload the configuration to prevent it from being emptied in the future:

source /root/.bashrc

Note: To view the history later, the alias must be deleted, the configuration reloaded and the connection re-established via SSH.

Leave a Reply

Your email address will not be published. Required fields are marked *