Introducing SSH command logging

Cloudflare has introduced SSH (Secure Shell Protocol) command logging as part of its Zero Trust platform, aiming to enhance security and visibility for remote machines management. Traditional SSH security methods have limitations in terms of tracking user actions and preventing lateral movement within a network. The new feature captures all commands run during an SSH session, including across multiple jump-hosts or bastions, providing a clear picture of events in case of accident, suspected breach, or attack. It also supports secure TLS inspection of all traffic from user devices and eliminates the need for complex logging software on individual machines. The logs captured by Cloudflare are immediately encrypted to ensure only authorized security users can inspect SSH commands.