docs: add plan for capturing SSH exec commands (PLAN.md 4.4)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
10
PLAN.md
10
PLAN.md
@@ -200,3 +200,13 @@ Goal: Make the web UI great and add operational niceties.
|
|||||||
- Embed a lightweight GeoIP database or use an API ✅
|
- Embed a lightweight GeoIP database or use an API ✅
|
||||||
- Store country/city with each attempt ✅
|
- Store country/city with each attempt ✅
|
||||||
- Aggregate stats by country ✅
|
- Aggregate stats by country ✅
|
||||||
|
|
||||||
|
### 4.4 Capture SSH Exec Commands
|
||||||
|
Many bots send a command directly via `ssh user@host <command>` (an SSH "exec" request) rather than requesting an interactive shell. Currently these are rejected and the command is lost. We should capture them.
|
||||||
|
|
||||||
|
- Handle `"exec"` request type in the server's request loop (alongside `"pty-req"` and `"shell"`)
|
||||||
|
- Parse the command string from the exec payload
|
||||||
|
- Add an `exec_command` column (nullable) to the `sessions` table via a new migration
|
||||||
|
- Store the command on the session record before closing the channel
|
||||||
|
- Optionally return plausible fake output for common commands (e.g. `uname`, `id`, `cat /etc/passwd`) to encourage further interaction
|
||||||
|
- Surface exec commands in the web UI (session detail view)
|
||||||
|
|||||||
Reference in New Issue
Block a user