Monitor an incoming SSH session in real time
GNU Screen has this ability, you could allow a specific shell user to only operate through screen.
https://www.linux.com/training-tutorials/using-screen-remote-interaction/
I think screen is what you're after, but if you don't want to sit there watching, and want to "video" a user's session, you can look at sudo shell.
If you set the user up with this as their shell, you can have a complete recording of everything that occurred, and you can the "replay" it back, and watch it when/if you need to.
The only possible downside to this is that the logs can grow very large, for example if they run a command like find /
, you will have all that recorded too - so you'll probably have to pick which accounts to enable it for rather than doing it globally.
As for allowing vendors login access, this is probably perfect, because you have a complete audit trail of everything they did, everything (even backspacing) is recorded and stored for replay.
log_output
is your recorder option for sudoers, and sudoreplay(8)
is your player.
As per the sudoers
man page:
log_output: If set, sudo will run the command in a pseudo tty and log all output that is sent to the screen, similar to the script(1) command. If the standard output or standard error is not connected to the user's tty, due to I/O redirection or because the command is part of a pipeline, that output is also captured and stored in separate log files.
In sudoers file, you would put something like this:
User_Alias SHELL_ACCOUNTS = root,jack
Defaults: SHELL_ACCOUNTS log_output
Or for group-based logging
Defaults:%shellusers log_output
See http://www.gratisoft.us/sudo/sudoers.man.html for details.
For a similar thing: Live view of Linux shell commands executed by another user?