logging details

Diller, Susan (Sue) Susan.Diller at PAETEC.com
Tue Apr 20 23:09:50 EST 2010


I cannot get sftp to log the file name.  And, depending on who I ask, some say it works and others say it doesn't.  I was hoping someone at openssh.org could know for sure, and be able to tell me how, if it does.  - Sue

From sshd_config:
 #       $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
Protocol 2
SyslogFacility local5
LogLevel debug3 #verbose
#AuthorizedKeysFile     %h/.ssh/authorized_keys
ChallengeResponseAuthentication yes
Banner         /etc/issue
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
MaxStartups 50
#Subsyste sftp /usr/local/libexec/sftp-server  -l VERBOSE
Subsystem sftp internal-sftp -l VERBOSE
Match Group sftpcust
        ChrootDirectory /asp/sftp/%u
        AllowTcpForwarding no
        ForceCommand internal-sftp -l VERBOSE
        PasswordAuthentication yes

From sftplog -
Apr 20 08:57:50 ftproc sshd[13252]: [ID 800047 local5.debug] debug3: safely_chroot: checking '/asp/sftp/ca004'
Apr 20 08:57:50 ftproc sshd[13250]: [ID 800047 local5.info] User child is on pid 13252
Apr 20 08:57:50 ftproc sshd[13250]: [ID 800047 local5.debug] debug3: mm_request_receive entering
Apr 20 08:58:17 ftproc sshd[13250]: [ID 800047 local5.debug] debug3: monitor_read: checking request 58
Apr 20 08:58:17 ftproc sshd[13250]: [ID 800047 local5.debug] debug3: mm_answer_term: tearing down sessions

Action taken:
sftp> ls
.
..
zzz
sftp> get zzz
Fetching /reports/zzz to zzz
sftp> quit

From xferlog, using ftp:

Tue Apr 20 08:57:00 2010 1 uxrp999 0 /asp/ftp/ca001/daily/zzz b _ o r ca001 ftp 0 * c

-----Original Message-----
From: Damien Miller [mailto:djm at mindrot.org] 
Sent: Monday, April 19, 2010 5:41 PM
To: Diller, Susan (Sue)
Cc: openssh-unix-dev at mindrot.org
Subject: RE: logging details

You can pass commandline arguments to internal-sftp and via ForceCommand too.

-d

On Mon, 19 Apr 2010, Diller, Susan (Sue) wrote:

> 
> Shouldn't the subsystem be set to internal-sftp?  Or, can the Subsystem and ForceCommand options be different?
> 
> -----Original Message-----
> From: Damien Miller [mailto:djm at mindrot.org]
> Sent: Friday, April 16, 2010 5:46 PM
> To: Diller, Susan (Sue)
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: logging details
> 
> On Fri, 16 Apr 2010, Diller, Susan (Sue) wrote:
> 
> > Are there plans to expand the logging capabilities in OpenSSH, so 
> > that the details of what files were moved using sftp is included? If 
> > not, does anyone know of a good way to capture this information?
> 
> sftp-server has supported this for a while. Try specifying:
> 
> Subsystem       sftp    /usr/libexec/sftp-server -l VERBOSE
> 
> in sshd_config (you might need a different path to sftp-server).
> 
> -d
> 

