Auditing SSH sessions?

I'm looking for a way that I can record and audit SSH sessions for users on my server. I need to be able to know when a user executed a command, what command they executed, and also be able to follow them through logins into other accounts (if a user were to run sudo -Hiu otheruser, the otheruser session should still be tracked from the main user's logs since they did not log in directly).

script doesn't seem to be a solution, since the logs are recorded from the user's account, which makes it vulnerable to tampering/destruction, and it also doesn't have timestamps for the commands.

Is there a commonly used tool / open source suite for a use case like this?


This question seems to have been asked, and answered, many times before: Stack Exchange to the Rescue

The second answer in particular seems to offer a potential solution using functionality built into SSHd itself, as documented here: SSH Recording, but it won't stand up to any determined effort to defeat it.

This technique in conjunction with the logger command may meet your requirements.