How to monitor a logged in professional

Sun Nov 23 11:41:42 -0800 2008

Sometimes you will need to get a professional to log into your system to help you out. You should watch what they do, and this is the easiest way I know.

I needed to get someone from a hardware company to log into one of our phone servers to help debug a problem, but I wasn’t just about to give them full carte blanche access to my server. Especially as it is behind a firewall.

I trust these guys somewhat, I mean, if they screw up, no more customer and hello to bad PR… but at the same time, you should always watch.

So, I went hunting around, and Screen is the best answer.

Get them to log into your system and type:



$ screen -S support

Then, from your shell:



$ screen -x support

And bam, you are both sharing the same screen.

Nice and simple.

Of course, this isn’t fool proof, and it only really lets you follow what the other guy is doing. But it is a hell of a lot better than sitting there blind listening on the phone to a few hundred key strokes wondering ‘what is he up to?’

blogLater

Mikel

  1. Brian Fox Says:
    Wed Dec 31 11:18:06 -0800 2008

    I highly recommend using “kibitz” instead. You can find this program as part of the TCL “expect” package.

    Kibitz (like screen) lets you share a screen and keyboard. So, on a machine outside the firewall, have the support guy use a guest login. On that machine run “kibitz guest”. The guy gets a prompt telling what magic number to give to kibitz. After he does that, he is sharing your screen, and you can login to your secure server as you, utilize sudo rights, etc, all without giving the support guy any sensitive information at all. Best of all, when you exit kibitz, so does he!

  2. Mikel Says:
    Wed Dec 31 17:21:01 -0800 2008

    Hey Brian,

    Thanks for the suggestion, kibitz looks perfect!

    Mikel

Leave a Reply