ttysnoop for kernel 2.6

This project was made by a friend of mine, Vinicius Anselmo. He discontinued its development (as it proved to be incompatible with later Linux kernels), so I proposed to host his work on my site.

ttysnoop is a small program made by Carl Declerck that allows an administrator to snoop on a login terminal through another. It worked up to kernel 2.4 because those kernels still had BSD-style pty support. Here is a solution for 2.6.

Screenshot:

ttysnoop usage screenshot

SSH:

Is ttysnoop compatible with sshd? ttysnoop was created to work with inetd; however, there is a way to make it work with sshd.
First you will need the sshd source code. Edit the file configure and add these lines:
LOGIN_PROGRAM="/sbin/ttysnoops"
export LOGIN_PROGRAM
Now verify the paths, so that the new executable uses the same configuration files as your system. On my system I solved this by making the following modification in pathnames.h:
// #ifndef SSHDIR
#define SSHDIR ETCDIR "/ssh"
// #endif
Then run the configure script, specifying a null prefix:
./configure --prefix=
Now compile the program. Make a backup copy of your /usr/sbin/sshd and put your new sshd in its place. That should work. If you are using RedHat or Fedora Core you can try to use my executable (see below).

Bugs:

After logout, it doesn't remove the pseudo-terminal entry, meaning people show up as still logged in when they aren't.
I use: who -u | grep -v '?'
to see who really is on my system. I don't know how to solve it.
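
A field-based alternative to the grep filter above, as an added example that is not part of the original post: it reads who -u output and marks an entry stale only when the IDLE column itself is ? (GNU who prints that when it cannot stat the terminal device), so a ? inside the host comment does not hide a live session. The function names, the CHECK_PROC switch and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `who -u` entries as live or stale by field,
# instead of grepping the whole line for "?".

# Constructed sample input (not captured from a real system). It covers both
# date layouts `who` may print and a host comment that itself contains "?".
SAMPLE_WHO='alice    pts/0        2006-05-04 12:01   .          2314 (192.0.2.10)
bob      pts/1        2006-05-04 11:40   ?          2290 (192.0.2.11)
carol    pts/2        May  4 10:15 00:07         2401
dave     pts/3        2006-05-04 09:02  old         2177 (host?.example)'

# classify_sessions: read `who -u` lines on stdin and print
# "<state> <user> <line> <pid>" for each entry.
# The date takes two or three fields depending on locale, so the fields are
# counted from the right: optional "(host)" comment, then PID, then IDLE.
# Stale means IDLE is "?", or (only when CHECK_PROC=1) /proc/<pid> is gone.
classify_sessions() {
    awk -v check="${CHECK_PROC:-0}" '
    NF >= 5 {
        n = NF
        if ($n ~ /^\(/) n--            # skip the trailing "(host)" comment
        pid = $n
        idle = $(n - 1)
        state = "live"
        if (idle == "?")
            state = "stale"
        else if (check == 1 && pid ~ /^[0-9]+$/ &&
                 system("test -d /proc/" pid) != 0)
            state = "stale"
        print state, $1, $2, pid
    }'
}

# live_users: names of the users whose entries are not stale.
live_users() {
    classify_sessions | awk '$1 == "live" { print $2 }'
}

# Run on the constructed sample; on a real host use: who -u | classify_sessions
printf '%s\n' "$SAMPLE_WHO" | classify_sessions
```

With the sample above, grep -v '?' would also drop dave's live session because of the ? in the host comment; the field-based check keeps it.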

stas » May 4, 2006 » 13:09
