I want to remove any and all activity logs for SSH remotely. How do I get to it?
My account on the remote server doesn't have admin privilege, and as such I just want to remove user to user connection records.
The answer to this lies in sshd.conf and sshd_config (server) and ssh_config (client). Depending on the log level it logs to /var/log/syslog (default) and/or /var/log/auth.log (loglevel 'verbose' contains ssh login attempts).
If present /var/log/secure also contains an access log.
You will need root/sudo access to edit any of these files: they will be word-readable but not world-editable.
Next to that. Besides the login from the ssh daemon the command last also shows (failed) logins from ssh. The information for this command comes from /var/log/wtmp (There will be several more I bet).
And there is also the probability the sysadmin installed auditd or logwatch making it practically impossible to hide activity since they could get a notice based on activity undoing the registration of the ssh activity impossible.
Example of /var/log/auth.log:
Aug 10 10:10:10 rinzwind sshd[3653]: Invalid user text from {ipadress}
Aug 10 10:10:10 rinzwind sshd[3653]: Excess permission or bad ownership on file /var/log/btmp
Aug 10 10:10:10 rinzwind sshd[3653]: error: Could not get shadow information for NOUSER
Aug 10 10:10:10 rinzwind sshd[3653]: Failed password for invalid user test from {ipadress} port {port} ssh2
Aug 10 10:10:10 rinzwind sshd[3653]: Excess permission or bad ownership on file /var/log/btmp
