How Can I Set Up an SSH Jump Server Host in Such a Way That All SSH Connections Made Through It Will Be Logged?
When an SSH connection is tunneled through a jump server, no new SSH connection is actually opened from the jump server to the target host. Instead, the jump host just forwards the TCP connection to the target host. Moreover, the traffic in the tunnel is encrypted and decrypted by the endpoints of the chain, so the intermediate jump host only passes encrypted data. For this reason, Syteca cannot monitor tunneled connections when it is installed on a jump host. This applies both when the session is opened with the -J parameter and when the sshd_config file is configured to proxy connections. Therefore, in these cases, sessions can only be monitored if Syteca is installed on the target host.
To prevent such tunneled connections, which Syteca cannot monitor on a jump host, you can configure the sshd_config file on the jump server to disallow tunneling through the host by specifying the following:
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
In any case, if the jump server connection is opened by using ssh -tt jumpHost ssh -tt targetHost, then Syteca installed on the jump host will log the new connection and monitor its output.
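To confirm that the three sshd_config directives above are actually in effect on the jump server, the following added example (not part of the original article and not Syteca code) checks text in the format printed by sshd -T. The function and sample names are hypothetical, and the sample settings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): check effective sshd settings on a jump
# host for the three forwarding directives. Input is text in the format
# printed by `sshd -T`: one lowercase "keyword value" pair per line.

# Reads settings on stdin, prints one verdict per directive, and returns 0
# only when all three are present and set to "no".
check_forwarding() {
    awk '
        BEGIN { n = split("allowagentforwarding allowtcpforwarding permittunnel", want, " ") }
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        {
            key = tolower($1)
            if (!(key in seen)) {          # keep the first value seen
                seen[key] = 1
                val[key] = tolower($2)
            }
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                k = want[i]
                if (!(k in seen))        { printf "UNKNOWN %s (not in input)\n", k; bad = 1 }
                else if (val[k] != "no") { printf "FAIL    %s %s\n", k, val[k]; bad = 1 }
                else                     { printf "OK      %s no\n", k }
            }
            exit bad
        }
    '
}

# Constructed sample: forwarding left enabled.
sample_open() {
    printf '%s\n' 'port 22' 'allowtcpforwarding yes' \
        'allowagentforwarding yes' 'permittunnel no'
}

# Constructed sample: the three directives from the article applied.
sample_restricted() {
    printf '%s\n' 'port 22' 'allowtcpforwarding no' \
        'allowagentforwarding no' 'permittunnel no'
}

echo "== constructed sample, forwarding enabled =="
sample_open | check_forwarding || echo "jump host still allows forwarding"
echo "== constructed sample, directives applied =="
sample_restricted | check_forwarding && echo "forwarding disabled"

# On a real jump host (as root): sshd -T | check_forwarding
```

Values set inside Match blocks apply only to matching connections; sshd -T -C user=NAME,host=HOST,addr=ADDR prints the settings for one such connection, and its output can be piped into the same function.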