SCP-Logging

[sven.luehrs at aksl.de]

Hi,

as much people in the past i'm looking for a way to "syslog" the files
people copy to and from
our sshd via scp. Unfortunatly SFTP/FTP-over-SSH2 are not an option. The
people using
the scp-access are configured for an scp-only-shell (
http://www.sublimation.org/scponly/).
We use OpenSSH-2.9p1 in a chrooted-environment for content-deployment,
therefore
we need to log every file transfer.  Seeking through the mailing list i
found no answer for
my needs. Did i miss any feature ?

Regarding possible privacy-concerns, every user has to sign a
service-agreement before he
gets an account. The service-agreement clarifies that we log as much as we
can ... so
everybody knows what's going on ...

Unfortunatly i have no experience in programming C, but while looking
around the code
had the idea to add a "syslog"-systemcall to the  "source"- and "sink"
-functions. Combined
with some other thoughts, like the problem that logging needs to be
enabled/disabled by
parameter on the server-side,  the fact that scp doesn't use any config
files and the
solution to write some kind of "shell-script-wrapper" to add some
parameters to
the scp-call is not that clean, i quite fast hit the border of my skills.

It would be great if anybody had a patch for scp to integrate logging ...
Can anybody help ?

Other suggestions ?

Regards

Sven Lührs

--
+----------+  aksl GmbH                   Tel. +49 69 907368 0
| a k  s l |  Schmidtstraße 51            Fax. +49 69 907368 77
+----------+  D-60326 Frankfurt am Main
|['a:k'sel]|
+----------+  http://www.aksl.de          mailto:sven.luehrs at aksl.de