starred/the-bastion
1
0
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2026-05-09 08:25:27 +02:00
Code Issues 46 Projects Packages Wiki Activity

[GH-ISSUE #156] Sync ttyrec files #36

New issue
Closed
opened 2026-05-07 00:17:55 +02:00 by BreizhHardware · 2 comments
BreizhHardware commented 2026-05-07 00:17:55 +02:00
Owner
Copy link

Originally created by @jonathanmarsaud on GitHub (Mar 8, 2021).
Original GitHub issue: https://github.com/ovh/the-bastion/issues/156

Hi,

It seems that ttyrec files stored in /home/<user>/ttyrec/* are not synced between slaves and master. So in a HA setup, when a user reach a slave, his session is only recorded locally on the slave, and not available on every machines of the cluster.

Is this intended? What is the workflow to see all recorded sessions of a user?

Thanks,

Originally created by @jonathanmarsaud on GitHub (Mar 8, 2021). Original GitHub issue: https://github.com/ovh/the-bastion/issues/156 Hi, It seems that `ttyrec` files stored in `/home/<user>/ttyrec/*` are not synced between slaves and master. So in a HA setup, when a user reach a slave, his session is only recorded locally on the slave, and not available on every machines of the cluster. Is this intended? What is the workflow to see all recorded sessions of a user? Thanks,
BreizhHardware 2026-05-07 00:17:55 +02:00
  • closed this issue
  • added the
    question
         label
BreizhHardware commented 2026-05-07 00:17:56 +02:00
Author
Owner
Copy link

@speed47 commented on GitHub (Mar 16, 2021):

Hello,

You're right, ttyrec files are not synchronized. In our setups, we have between 2 and 8 machines in each bastion cluster, and some of these clusters receive millions of connections per day, so synchronizing all the ttyrec files between all the instances would produce a big overhead and would not be very efficient.

Our workflow is the following:

  • A session is recorded on a bastion instance, it's stored locally as a ttyrec file, as you have seen.
  • After a few days/weeks (configurable, depends on each cluster), the old ttyrec files are compressed and encrypted (to .gpg files), and moved locally to another folder. At that point, the ttyrec file can no longer be accessed by the user with the selfPlaySession command. It can still be decrypted/viewed by somebody with local access to the bastion (and access to the gpg key and password, of course). At the same time, those files are also pushed to a remote escrow filer. This is now possible because the files are encrypted, so there is no security/confidentiality concern getting those out of the bastion.
  • After a few more days/weeks, the local copiess of these compressed-encrypted ttyrec files, that have already been pushed to the escrow filer, are deleted, to ensure we always have room for the fresh ttyrecs that are continually produced.

So, the workflow to check all the ttyrec of an user, for example, is either to have a look at the escrow filer, where we have everything, or, if the time window is recent, check on the bastions directly. We know where to look because every command or access is logged to syslog, and this is pushed to a centralized location, so we can make queries to know exactly what ttyrec files have been produced, and where those are stored.

The script we use to compress/encrypt/rotate/push/delete ttyrec files is bin/cron/osh-encrypt-rsync.pl, with its corresponding configuration found at /etc/bastion/osh-encrypt-rsync.conf.

<!-- gh-comment-id:800383960 --> @speed47 commented on GitHub (Mar 16, 2021): Hello, You're right, ttyrec files are not synchronized. In our setups, we have between 2 and 8 machines in each bastion cluster, and some of these clusters receive millions of connections per day, so synchronizing all the ttyrec files between all the instances would produce a big overhead and would not be very efficient. Our workflow is the following: - A session is recorded on a bastion instance, it's stored locally as a ttyrec file, as you have seen. - After a few days/weeks (configurable, depends on each cluster), the old ttyrec files are compressed and encrypted (to `.gpg` files), and moved locally to another folder. At that point, the ttyrec file can no longer be accessed by the user with the `selfPlaySession` command. It can still be decrypted/viewed by somebody with local access to the bastion (and access to the gpg key and password, of course). At the same time, those files are also pushed to a remote escrow filer. This is now possible because the files are encrypted, so there is no security/confidentiality concern getting those out of the bastion. - After a few more days/weeks, the local copiess of these compressed-encrypted ttyrec files, that have already been pushed to the escrow filer, are deleted, to ensure we always have room for the fresh ttyrecs that are continually produced. So, the workflow to check all the ttyrec of an user, for example, is either to have a look at the escrow filer, where we have everything, or, if the time window is recent, check on the bastions directly. We know where to look because every command or access is logged to syslog, and this is pushed to a centralized location, so we can make queries to know exactly what ttyrec files have been produced, and where those are stored. The script we use to compress/encrypt/rotate/push/delete ttyrec files is `bin/cron/osh-encrypt-rsync.pl`, with its corresponding configuration found at `/etc/bastion/osh-encrypt-rsync.conf`.
BreizhHardware commented 2026-05-07 00:17:56 +02:00
Author
Owner
Copy link

@jonathanmarsaud commented on GitHub (Mar 18, 2021):

Thanks for your answer @speed47, we will design a similar workflow.
And thanks for The Bastion anyway!

<!-- gh-comment-id:801809593 --> @jonathanmarsaud commented on GitHub (Mar 18, 2021): Thanks for your answer @speed47, we will design a similar workflow. And thanks for The Bastion anyway!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
expifix
groupcreate_fix_uid
fix_group_gid_fast
gh-pages
clush
expiration
jsonvalidator
v3.23.01
v3.23.00
v3.22.00
v3.21.00
v3.20.00
v3.19.01
v3.19.00
v3.18.99-rc1
v3.18.00
v3.17.01
v3.17.00
v3.16.99-rc3
v3.16.99-rc2
v3.16.99-rc1
v3.16.01
v3.16.00
v3.15.00
v3.14.16
v3.14.15
v3.14.00
v3.13.01
v3.13.00
v3.12.00
v3.11.02
v3.11.01
v3.11.00
v3.10.00
v3.09.02
v3.09.00-really
v3.09.00
v3.09.00-rc3
v3.09.00-rc2
v3.09.00-rc1
v3.08.01
v3.08.00
v3.07.00
v3.06.00
v3.05.01
v3.05.00
v3.04.00
v3.03.99-rc2
v3.03.99-rc1
v3.03.01
v3.03.00
v3.02.00
v3.01.99-rc4
v3.01.99-rc3
v3.01.99-rc2
v3.01.99-rc1
v3.01.03
v3.01.02
v3.01.01
v3.01.00
v3.00.02
v3.00.01
v3.00.00
Labels
Clear labels   
answered

   
bug

   
documentation

   
enhancement

   
enhancement

   
feature

   
feature

   
kept-open-for-info

   
pull-request
Mirrored from GitHub Pull Request

  
question
No labels
answered
bug
documentation
enhancement
enhancement
feature
feature
kept-open-for-info
pull-request
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/the-bastion#36
No description provided.