|
My guess is that even if you intercept the ssh data (using the system calls), that wouldn't be enough as it's encrypted and it's decrypted and interpreted (executed, etc.) on user space by the ssh daemon, the shell, etc.
You could still "strace" on a kernel module all kinds of activity that the ssh connection triggers - processes being spawned, received arguments - but not the actual keypresses on the remote terminal window and the sshd receiving each of them, as this last part happens in user space.
|