Skip to Content

Why does the ssh log have control characters and looks different from the actual input?

79  admin July 3, 2024  Common Errors & Troubleshooting

Understanding SSH Log Formatting Issues and Resolving Them.

If you've noticed that your SSH logs contain control characters and appear different from your actual input, here’s why and how you can resolve it:

Control Characters in SSH Logs

SSH logs, especially those categorized under the 'input' log type, record keyboard input exactly as entered, including control characters. This means commands executed using features like tab completion ([tab]) or searching bash history ([ctrl-R]) will appear in the logs as the respective keys are pressed, rather than the executed command itself.

Enabling Full SSH Log Recording

To accurately capture the commands executed:

  • Navigate to Settings -> general -> Security -> ssh session logging in to your Ezeelogin web interface.
  • Ensure that 'Both' is selected for SSH session logging to record both input and output comprehensively.

Viewing Complete SSH Session Logs

Once full SSH session recording is enabled:

  • Access the SSH logs by going to Users -> SSH Logs -> Log Type -> ALL in the Ezeelogin web GUI.
  • Here, you can search for logs related to the user or session of interest.

     

 

The full ssh session log would have the entire input and the output of the command without the command shortcuts/or control characters.

 
Not Rated