Linux - Securely redirecting console to virtual terminal for logging
I want to be able to log a ssh session to a unused virtual terminal (/dev/ttyX) so that I can leave something running yet not allow any intrusion into the ssh session by unauthorized users at the keyboard. This is what I ended up doing:
-
Give user write access to /dev/tty devices.
-
Install screen and script.
-
Run screen with simple “screen”.
-
Run script with output to virtual terminal and flushing option: “script -f /dev/ttyX”.
-
Do regular ssh session and begin whatever it is you want to monitor.
-
Disconnect from screen’ed session (CTRL-a d).
-
Switch to virtual terminal script is dumping to.
This works out quite well in practice – I’m not noticing any issues and it is fairly simple to accomplish. On my debian etch install, I had to add my user to the root group (or I could have given all users write access to /dev/tty devices).