Setting it up can be a bit tricky if you aren't used to dealing with SSH keys and forced commands. Here's an example showing how to set it up on a server. First, download the script. I keep it in /usr/local/sbin so it can be used system-wide.
# cd /usr/local/sbin
# wget http://www.jms1.net/log-session
...
Find out where the sftp-server binary is located. (Your sshd_config file may be in a different directory.)
# grep sftp /etc/ssh/sshd_config
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Put that value into the script.
Use whatever text editor you like. Find this line (near the top) and set the variable to point to your sftp-server binary.
SFTP_SERVER=/usr/libexec/openssh/sftp-server
Make the script executable.
# chmod 755 log-session
For each user whose SSH sessions you wish to record, you need to edit the user's ".ssh/authorized_keys" file. Find the line which contains their public key, and add a forced command to the beginning of the line, which will make sshd run that script instead of whatever command they may have wanted to run. Be careful: some text editors may try to wrap the lines for you (the keys are very long). DO NOT allow the editor to do this (or at least make sure you fix the damage before saving the file).
# cd ~user/.ssh
# nano authorized_keys
Again, use whatever text editor you like. Find the line for their key, which will probably look like...
ssh-dss AAAAB3NzaC1kc3MAAAEBAMKr1HxJzOWRQCm16Sf...
Add the forced command to the beginning of this line. The result should look like this...
command="/usr/local/sbin/log-session" ssh-dss AAAAB3NzaC1kc3MAAAEBAMKr1HxJzOWRQCm16Sf...
After this is done, any time somebody connects to the server and uses that key to authenticate as that user, sshd will run the log-session script instead of whatever command they were trying to run. Of course, the script will still run their original command, but it will log the session (unless they're doing an SFTP session, which I guess you could log, but since it's a binary protocol there's probably not much use in doing so. If you want to do this, directions can be found within the script itself).
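To confirm that the edit took effect and that the editor did not wrap a key, the file can be checked after saving. The following is an added example, not part of the log-session script or of the original page; it goes slightly beyond the ssh-dss case shown above by accepting any key type and other options alongside the forced command. The function names and the all-zero sample key are made up for illustration.

```python
import base64, struct

FORCED = 'command="/usr/local/sbin/log-session"'  # forced command from this page

def split_unquoted(text, is_sep):
    """Split text at separator characters that sit outside double quotes."""
    parts, start, quoted = [], 0, False
    for i, ch in enumerate(text):
        if ch == '"' and (i == 0 or text[i - 1] != "\\"):
            quoted = not quoted
        elif is_sep(ch) and not quoted:
            parts.append(text[start:i])
            start = i + 1
    return parts + [text[start:]]

def blob_ok(keytype, b64):
    """True if b64 is a complete (untruncated) SSH public key blob of this type."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False
    fields, pos = [], 0
    while pos + 4 <= len(raw):  # walk the uint32-length-prefixed fields
        (size,) = struct.unpack(">I", raw[pos:pos + 4])
        fields.append(raw[pos + 4:pos + 4 + size])
        pos += 4 + size
    return pos == len(raw) and len(fields) >= 2 and fields[0] == keytype.encode()

def audit(text):
    """Return [(line_number, problem)] for key lines that would escape logging."""
    problems = []
    for num, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        parts = [p for p in split_unquoted(line, str.isspace) if p]
        if len(parts) >= 2 and blob_ok(parts[0], parts[1]):
            problems.append((num, "no forced command"))
        elif len(parts) < 3 or not blob_ok(parts[1], parts[2]):
            problems.append((num, "malformed key (wrapped line?)"))
        elif FORCED not in split_unquoted(parts[0], lambda c: c == ","):
            problems.append((num, "forced command is not log-session"))
    return problems

def sample_key():
    """Constructed placeholder key: valid wire format, all-zero key material."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(raw).decode()

if __name__ == "__main__":  # line 1 is logged, line 2 has no forced command
    print(audit(FORCED + " " + sample_key() + "\n" + sample_key()))
```

To check a real file, pass the contents of the user's authorized_keys file to `audit()`; an empty list means every key line carries the log-session forced command and parses as a whole key.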