Tailscale 宣布 Tailscale SSH 可以側錄:「Announcing session recording for Tailscale SSH in beta」,這主要是對於 compliance 需求會有幫助,以前有類似需求的話會透過 jump server 類的方式來側錄...
這次提供的是 asciinema 格式,很容易可以 replay:
When a member of your tailnet initiates a connection over Tailscale SSH, our client on the server records all of the terminal output in asciinema format, and streams it to a dedicated recorder node on your tailnet.
開放給所有使用者,包括免費版本:
Session recording for Tailscale SSH is available in beta on our Free and Enterprise plans.
舊的 SSH session logging 則是宣布在八月會停掉:
This feature replaces a legacy version of local SSH session logging that saves recordings directly to the SSH server’s filesystem. We are deprecating that feature, and anyone using it should migrate to the new SSH session recording feature. The legacy functionality will remain active until at least August 1, 2023.
在 Hacker News 的討論「Session recording for Tailscale SSH in beta (tailscale.com)」裡面有一些有趣的東西,像是 sudo 也有提供類似的功能:「Sudoreplay」。
之前有遇過一些商用方案,有提供類似的功能,像是 CyberArk 的「Configure recordings and audits (PSM for SSH)」。
另外 2016 年時 AWS 的人也有寫過「How to Record SSH Sessions Established Through a Bastion Host」。
算是稽核上常見的需求,先前就有不少方法了,Tailscale 提供的工具等於是簡化了一些步驟。