
Weird Requirements for linux class

I'm gearing up to teach a physical class on Linux. It's got some weird requirements and this is out of my expertise. Mostly on the seeing what they do.

  • Let 6-8 people (maybe more) remote into a “box” (probably a VM or dedicated machine I remote into)
  • Let me see what they are typing

The first one I'm flexible with how they remote into it. Can be ssh, vnc, etc. Physical is not an option because I don't have that many machines that they can play freely on, nor the peripherals to supply the machine.

Do you need to see it real-time, or can you rely on bash_history or similar?

If you need real time, make them use telnet instead of ssh and use wireshark, tcpdump, etc.

This is difficult.

If you need to see realtime, this is actually a problem that my company is trying to solve. There are some commercial solutions for this, but it’s not what you’d call “affordable”.

1 Like

Closer to real time the better. I would like to see what they are typing so I can have them run root commands without them just thrashing the system. Goal is to be quick to restore.

Give them a chroot / jail on a ZFS volume and snapshot it every X minutes?

If the goal is “make sure they don’t trash the box” or “be able to recover it easy” then

  • you won’t be able to monitor 8 people’s input at the same time as a human AND teach a class
  • you won’t be able to intercept the rm -rf / in real time anyway
  • having them learn by breaking is still learning :slight_smile: . It may not be the course material but it is still valuable lessons… in what should be a safe, rebuildable environment.

So it becomes a case of either recovery or preventing the entire box being trashed. And restoring their environment from a snapshot.

I’d abandon the monitoring being your primary defence, and just chroot/jail them on a ZFS volume you can take snaps of :slight_smile:

In FreeNAS, spinning up a jail running a command line unix variant is a 30 second exercise…

Yeah, okay. Easiest way would be to wrap their shell in tmux and you can just attach a local shell. This should be doable with a bashrc configuration.

The other option would be to write software that MITM’s the ssh session and basically allows a read-only monitor of the packet flow.


I think I can make screen do what I want here and could possibly even name the sessions.

This would do it for tmux:

# Interactive SSH login that is not already inside tmux: join or create the shared session
if [[ -n "$PS1" ]] && [[ -z "$TMUX" ]] && [[ -n "$SSH_CONNECTION" ]]; then
  tmux attach-session -t ssh_tmux || tmux new-session -s ssh_tmux
fi
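
A variation on the snippet above, as an added example that is not part of the original post: it gives each student a separately named tmux session and builds the read-only attach command the instructor can use to watch one of them. The `class_<user>` naming and the function names are assumptions of this example; the socket path is tmux's default per-user location.

```sh
# Added example (not from the thread). Works in bash and POSIX sh.

# tmux uses '.' and ':' as separators in target names, so map them to '_'.
# The "class_" prefix is an assumption of this example.
class_session_name() {
  printf 'class_%s' "$(printf '%s' "$1" | tr '.:' '__')"
}

# Decide whether a shell should be wrapped: only interactive SSH logins
# that are not already inside tmux. Arguments are PS1, TMUX and
# SSH_CONNECTION, passed explicitly so the check can be tested.
should_wrap() {
  [ -n "$1" ] && [ -z "$2" ] && [ -n "$3" ]
}

# Command the instructor runs as root to watch one student.
# -S points at that student's tmux server socket (tmux-<uid>/default),
# -r attaches read-only so the instructor cannot type into the session.
# Arguments: username, numeric uid.
watch_command() {
  printf 'tmux -S %s/tmux-%s/default attach-session -r -t %s' \
    "${TMUX_TMPDIR:-/tmp}" "$2" "$(class_session_name "$1")"
}

# Student side. "new-session -A" attaches if the session already exists
# and creates it otherwise; exec replaces the login shell, so leaving
# tmux ends the SSH login instead of dropping to an unwatched shell.
wrap_login_shell() {
  should_wrap "${PS1:-}" "${TMUX:-}" "${SSH_CONNECTION:-}" || return 0
  command -v tmux >/dev/null 2>&1 || return 0
  exec tmux new-session -A -s "$(class_session_name "${USER:-$(id -un)}")"
}
```

Source this from each student's `~/.bashrc` and call `wrap_login_shell` as the last line. On the instructor side, `watch_command alice "$(id -u alice)"` prints the command to run as root.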

Will give this a go and see how it handles it.

If you want logs, this plugin might help:

1 Like

Don't really care about the logs. If it happens it happens. There's always bash history helping me out.

1 Like

You could use an SSH honeypot as well.

1 Like



Send me my commission check via certified mail.

Why not give them each their own VM so they won't interfere with the whole class learning if one of them messes up something?

We can’t trust the host system. We’ve chosen to MITM ssh, as a solution.

Lack of resources. Might give it a go and see how my laptop handles it but I'm not sure.

Like I said, chroot or jails - lower overhead, easy creation/destruction/rollback…


What sort of resources do you have? You could do containers.

Just spin up a Fedora container with an ssh server running. :stuck_out_tongue:

If you’re doing 6-8 people, most hardware should be able to handle 8 containers.


Yup, containers would work too.

Same concept, different name…

If you can spin up a new instance in 10 seconds (or less) then who cares if they break it?

And if you put them on a filesystem with regular COW snapshots, you can even roll back to say 15 minutes ago quite easily.

Go nuts! Break your instance! Experiment!

That’s how people learn :slight_smile:

1 Like