I've been giving Claude unfettered SSH access to my devices and wanted a better way: auditing and logging, plus a way to take away its access in a single step. This builds on my Box jumpbox, which I still use to this day: https://yeri.be/box-docker-shell-server/

TL;DR — Auditing Claude’s SSH access through a shared jumpbox

The problem

I use a Docker-based SSH jumpbox to reach a fleet of ~20 servers. Claude (an LLM agent) drives some of that traffic on my behalf. Until now it logged in as a regular user or as root, with no per-actor distinction, no command record, and no way to ask later “what did Claude actually run last week?” I wanted every command the agent runs captured, attributed, shipped off-box, and searchable, without logging my own sessions (those are mine, not the agent’s).

What was built

A dedicated alfons user on the jumpbox. Claude’s key was moved out of root’s authorized_keys into alfons’s. The yeri and root logins stay untouched. An sshd ForceCommand scoped to that user only: Match User…
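The pieces above (a dedicated user, a Match-scoped ForceCommand, attributed command records shipped off-box, and a single-step revocation) fit together in one small wrapper. The script below is an added example, not the post’s own code: it assumes the user is named alfons, that the wrapper is installed as /usr/local/bin/audit-exec, that a kill-switch file /etc/ssh/alfons.disabled revokes access, and that records go to the local syslog daemon via logger, with forwarding off-box configured there. All of those names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the original post's code). Assumed names: agent user
# "alfons", wrapper path /usr/local/bin/audit-exec, kill switch
# /etc/ssh/alfons.disabled, and off-box shipping via the syslog daemon that
# logger talks to (its forwarding rule lives outside this script).
#
# Illustrative sshd_config fragment this wrapper is meant to sit behind:
#   Match User alfons
#       ForceCommand /usr/local/bin/audit-exec
#       PermitTTY no
#       AllowTcpForwarding no
#       AllowAgentForwarding no
#       X11Forwarding no
# Only that Match block uses the ForceCommand, so yeri/root sessions stay unlogged.
set -u

KILL_SWITCH="${KILL_SWITCH:-/etc/ssh/alfons.disabled}"

# access_allowed FILE: succeeds unless the kill-switch file exists.
# Creating that one file revokes the agent's access in a single step, with no
# edits to authorized_keys or sshd_config and no sshd reload.
access_allowed() {
    [ ! -e "$1" ]
}

# audit_record USER CMD SSH_CONNECTION: print one newline-free log line.
# CR/LF inside the command are collapsed so a crafted command cannot forge a
# second record. AUDIT_NOW overrides the clock (used by tests).
audit_record() {
    user="$1"; cmd="$2"; conn="$3"
    ts="${AUDIT_NOW:-$(date -u +%Y-%m-%dT%H:%M:%SZ)}"
    src="${conn%% *}"    # first field of SSH_CONNECTION is the client address
    safe_cmd=$(printf '%s' "$cmd" | tr '\n\r' '  ')
    [ -n "$safe_cmd" ] || safe_cmd='<no-command>'
    printf 'ts=%s actor=%s src=%s cmd=%s\n' "$ts" "$user" "${src:-unknown}" "$safe_cmd"
}

main() {
    actor=$(id -un)
    rec=$(audit_record "$actor" "${SSH_ORIGINAL_COMMAND:-}" "${SSH_CONNECTION:-}")
    # Record before deciding: denied attempts are worth knowing about too.
    logger -t agent-audit -p auth.info "$rec"
    if ! access_allowed "$KILL_SWITCH"; then
        logger -t agent-audit -p auth.warning "denied actor=$actor reason=kill-switch"
        echo "access disabled" >&2
        exit 1
    fi
    # Design choice here: no interactive shell. Every action must arrive as an
    # explicit SSH_ORIGINAL_COMMAND, so every action is a logged record.
    if [ -z "${SSH_ORIGINAL_COMMAND:-}" ]; then
        echo "interactive shell not permitted for this account" >&2
        exit 1
    fi
    exec /bin/sh -c "$SSH_ORIGINAL_COMMAND"
}

# Dispatch only when sshd runs this as the ForceCommand (sshd sets
# SSH_CONNECTION). Sourcing or testing the file just defines the functions.
if [ -n "${SSH_CONNECTION:-}" ] && [ "$(basename -- "$0")" = audit-exec ]; then
    main
fi
```

Refusing interactive sessions is a choice made in this example so that the record is complete; if the agent needs a shell, wrapping it in a session recorder instead would be the next step. Because the wrapper runs with the agent's own privileges, it is an audit trail and a kill switch, not a sandbox: the `PermitTTY`/forwarding restrictions in the Match block and the agent's own Unix permissions still do the containment.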