diff --git a/options.h b/options.h
index 0349fa924b3217eab086a3bcfff77b34cd810c39..30fa637aea218bc7c79a5b11c8fd64ce3d495986 100644
--- a/options.h
+++ b/options.h
@@ -199,8 +199,10 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  * not using the Dropbear client, you'll need to change it */
 #define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
 
-/* Multi-purpose binary configuration has now moved. Look at the top
- * of the Makefile for instructions, or INSTALL */
+/* Whether to log commands executed by a client. This only logs the 
+ * (single) command sent to the server, not what a user did in a 
+ * shell/sftp session etc. */
+/* #define LOG_COMMANDS */
 
 /*******************************************************************
  * You shouldn't edit below here unless you know you need to.
diff --git a/svr-chansession.c b/svr-chansession.c
index 0916e7e6ca008d7ae55798a57ddbc2952c61d258..612885b29c19454ff747fe47d18815862c43e29b 100644
--- a/svr-chansession.c
+++ b/svr-chansession.c
@@ -588,6 +588,16 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
 		}
 	}
 
+#ifdef LOG_COMMANDS
+	if (chansess->cmd) {
+		dropbear_log(LOG_INFO, "user %s executing '%s'", 
+						ses.authstate.printableuser, chansess->cmd);
+	} else {
+		dropbear_log(LOG_INFO, "user %s executing login shell", 
+						ses.authstate.printableuser);
+	}
+#endif
+
 	if (chansess->term == NULL) {
 		/* no pty */
 		ret = noptycommand(channel, chansess);