Audit and record non-interactive ssh sessions

I'm looking for a way to audit user commands while in a non-interactive sessions. For example when a user runs 'ssh cat /etc/shadow' or 'ssh /bin/bash' there is no log of the privileged execution within auditd. I've come across a few solutions to store the initial command within bash_history but not auditd.

any help would be greatly appreciated!