diff --git a/options.h b/options.h index 0349fa924b3217eab086a3bcfff77b34cd810c39..30fa637aea218bc7c79a5b11c8fd64ce3d495986 100644 --- a/options.h +++ b/options.h @@ -199,8 +199,10 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * not using the Dropbear client, you'll need to change it */ #define _PATH_SSH_PROGRAM "/usr/bin/dbclient" -/* Multi-purpose binary configuration has now moved. Look at the top - * of the Makefile for instructions, or INSTALL */ +/* Whether to log commands executed by a client. This only logs the + * (single) command sent to the server, not what a user did in a + * shell/sftp session etc. */ +/* #define LOG_COMMANDS */ /******************************************************************* * You shouldn't edit below here unless you know you need to. diff --git a/svr-chansession.c b/svr-chansession.c index 0916e7e6ca008d7ae55798a57ddbc2952c61d258..612885b29c19454ff747fe47d18815862c43e29b 100644 --- a/svr-chansession.c +++ b/svr-chansession.c @@ -588,6 +588,16 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess, } } +#ifdef LOG_COMMANDS + if (chansess->cmd) { + dropbear_log(LOG_INFO, "user %s executing '%s'", + ses.authstate.printableuser, chansess->cmd); + } else { + dropbear_log(LOG_INFO, "user %s executing login shell", + ses.authstate.printableuser); + } +#endif + if (chansess->term == NULL) { /* no pty */ ret = noptycommand(channel, chansess);