logging details
Damien Miller
djm at mindrot.org
Wed Apr 21 08:59:52 EST 2010

sftp-server doesn't log to xferlog; you can control which syslog
facility it uses with the -f flag.

Also, if you are using ChrootDirectory, you might need to arrange syslog
to listen inside your chroot at (relative) /dev/log.

On Tue, 20 Apr 2010, Diller, Susan (Sue) wrote:
> I cannot get sftp to log the file name. And, depending on who I ask, some say it works and others say it doesn't. I was hoping someone at openssh.org could know for sure, and be able to tell me how, if it does. - Sue
>
> From sshd_config:
> # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
> Protocol 2
> SyslogFacility local5
> LogLevel debug3 #verbose
> #AuthorizedKeysFile %h/.ssh/authorized_keys
> ChallengeResponseAuthentication yes
> Banner /etc/issue
> X11Forwarding yes
> X11DisplayOffset 10
> X11UseLocalhost yes
> MaxStartups 50
> #Subsyste sftp /usr/local/libexec/sftp-server -l VERBOSE
> Subsystem sftp internal-sftp -l VERBOSE
> Match Group sftpcust
> ChrootDirectory /asp/sftp/%u
> AllowTcpForwarding no
> ForceCommand internal-sftp -l VERBOSE
> PasswordAuthentication yes
>
> From sftplog -
> Apr 20 08:57:50 ftproc sshd[13252]: [ID 800047 local5.debug] debug3: safely_chroot: checking '/asp/sftp/ca004'
> Apr 20 08:57:50 ftproc sshd[13250]: [ID 800047 local5.info] User child is on pid 13252
> Apr 20 08:57:50 ftproc sshd[13250]: [ID 800047 local5.debug] debug3: mm_request_receive entering
> Apr 20 08:58:17 ftproc sshd[13250]: [ID 800047 local5.debug] debug3: monitor_read: checking request 58
> Apr 20 08:58:17 ftproc sshd[13250]: [ID 800047 local5.debug] debug3: mm_answer_term: tearing down sessions
>
> Action taken:
> sftp> ls
> .
> ..
> zzz
> sftp> get zzz
> Fetching /reports/zzz to zzz
> sftp> quit
>
> From xferlog, using ftp:
>
> Tue Apr 20 08:57:00 2010 1 uxrp999 0 /asp/ftp/ca001/daily/zzz b _ o r ca001 ftp 0 * c
>
> -----Original Message-----
> From: Damien Miller [mailto:djm at mindrot.org]
> Sent: Monday, April 19, 2010 5:41 PM
> To: Diller, Susan (Sue)
> Cc: openssh-unix-dev at mindrot.org
> Subject: RE: logging details
>
> You can pass commandline arguments to internal-sftp and via ForceCommand too.
>
> -d
>
> On Mon, 19 Apr 2010, Diller, Susan (Sue) wrote:
>
> >
> > Shouldn't the subsystem be set to internal-sftp? Or, can the Subsystem and ForceCommand options be different?
> >
> > -----Original Message-----
> > From: Damien Miller [mailto:djm at mindrot.org]
> > Sent: Friday, April 16, 2010 5:46 PM
> > To: Diller, Susan (Sue)
> > Cc: openssh-unix-dev at mindrot.org
> > Subject: Re: logging details
> >
> > On Fri, 16 Apr 2010, Diller, Susan (Sue) wrote:
> >
> > > Are there plans to expand the logging capabilities in OpenSSH, so
> > > that the details of what files were moved using sftp are included? If
> > > not, does anyone know of a good way to capture this information?
> >
> > sftp-server has supported this for a while. Try specifying:
> >
> > Subsystem sftp /usr/libexec/sftp-server -l VERBOSE
> >
> > in sshd_config (you might need a different path to sftp-server).
> >
> > -d
> >
>
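
The two points at the top of this message (the -f facility flag and a syslog socket inside each chroot), sketched as an added example that is not part of the original thread or of OpenSSH. It assumes a Linux host running rsyslog with imuxsock already loaded; the function names and the log file path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux + rsyslog with the
# imuxsock module already loaded by the main rsyslog.conf.
# Directory layout follows the quoted "ChrootDirectory /asp/sftp/%u".
#
# Matching sshd_config lines, using the flags named in the thread:
#   Subsystem sftp internal-sftp -f LOCAL5 -l VERBOSE
#   Match Group sftpcust
#       ChrootDirectory /asp/sftp/%u
#       ForceCommand internal-sftp -f LOCAL5 -l VERBOSE

# True if the directory is group- or world-writable; sshd rejects such a
# chroot, so there is no point giving it a log socket.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Create <chroot>/dev under every user directory in $1 and print an rsyslog
# drop-in that listens on <chroot>/dev/log and routes local5 to one file.
gen_sftp_syslog() {
    base=$1
    logfile=${2:-/var/log/sftp.log}   # hypothetical destination
    for d in "$base"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        if is_loose "$d"; then
            echo "skip $d: group/world-writable chroot" >&2
            continue
        fi
        mkdir -p "$d/dev" || continue
        printf 'input(type="imuxsock" Socket="%s/dev/log")\n' "$d"
    done
    printf 'local5.* %s\n' "$logfile"
}

# Stand-alone use: ./script /asp/sftp > /etc/rsyslog.d/sftp-chroot.conf
if [ $# -gt 0 ]; then
    gen_sftp_syslog "$@"
fi
```

rsyslog has to be restarted after the drop-in is installed so that the sockets exist before the next chrooted sftp session starts.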