internal-sftp and logging not working with Fedora and chroot using 5.5?

JPP jpp1 at frws.com
Sun Jul 11 04:07:04 EST 2010


Hope y'all can help!

Been reading and reading, and adjusting... to no avail.
We need to have chroot'd SFTP activities logged on a file server and for 
whatever reason, I simply cannot get it to log with users that are chroot'd
(this is necessary for auditing and HIPAA - so it is pretty important)

I have tried with Fedora 11/12 and even an older Fedora 8 server, the same 
results:
1. We can log ALL activities for users on SFTP when **not** chroot'd
2. As soon as I re-enable chroot'd settings in sshd_config, those users are
only logged as far as login is concerned, nothing else. And that goes to the
/var/log/secure log and NOT /var/log/messages as it does when they are not
chroot'd

We are using OpenSSH Portable 5.5p1 freshly compiled.

And various Fedora versions from 8, to 11 and 12. Using syslog and rsyslog.

Pertinent sshd_config settings:
# tried with both lower case and upper case, same (should not matter)
Subsystem       sftp    internal-sftp -f AUTH -l VERBOSE

# Example of overriding settings on a per-user basis
Match Group sftponly
       ChrootDirectory %h
       X11Forwarding no
       AllowTcpForwarding no
       ForceCommand internal-sftp -f AUTH -l VERBOSE

####
From /etc/rsyslog.conf

*.info;mail.none;authpriv.none;cron.none;auth.*     /var/log/messages

#####
Any suggestions would be helpful and VERY appreciated. Nothing I have touched
has changed the way it's logging - without chroot logging is perfect, with
chroot, logging stops.

Have not tried the use of logging sockets - BUT from what I have read, these 
should not be necessary with the newer OpenSSH 5.x versions and this is the 
newest one, so did not want to head down that trail (yet).

Thank you in Advance...
JPP


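Added example, not part of the original post: a small Python evaluator for classic syslog selectors, applied to the rsyslog.conf line and the internal-sftp flags quoted in the message, to show which log file each facility/priority pair is routed to. The authpriv.* rule for /var/log/secure is an assumed stock Fedora rule that the post does not show, and the function names are made up for this illustration.

```python
import shlex

# Syslog priorities, most to least severe; "x.info" selects info and everything above it.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]
# OpenSSH log level -> syslog priority (INFO and VERBOSE are both sent as info).
SSH_LEVELS = {"FATAL": "crit", "ERROR": "err", "INFO": "info", "VERBOSE": "info",
              "DEBUG": "debug", "DEBUG1": "debug", "DEBUG2": "debug", "DEBUG3": "debug"}

def compile_selector(selector):
    """Return {facility: set of priorities} for one rule; '=' and '!' are not handled."""
    masks = {f: set() for f in FACILITIES}
    for part in selector.split(";"):
        facs, _, prio = part.strip().rpartition(".")
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            if prio == "none":        # exclude this facility from the rule
                masks[fac] = set()
            elif prio == "*":         # every priority
                masks[fac] = set(PRIORITIES)
            else:                     # named priority and everything more severe
                masks[fac] |= set(PRIORITIES[:PRIORITIES.index(prio) + 1])
    return masks

def sftp_log_target(command):
    """Facility and priority requested by an 'internal-sftp -f F -l L' line."""
    args = shlex.split(command)
    fac, level = "AUTH", "ERROR"      # sftp-server defaults when a flag is absent
    for flag, value in zip(args, args[1:]):
        if flag == "-f":
            fac = value
        elif flag == "-l":
            level = value
    return fac.lower(), SSH_LEVELS[level.upper()]

def destinations(rules, facility, priority):
    """Log files whose selector matches the given facility and priority."""
    return [dest for sel, dest in rules if priority in compile_selector(sel)[facility]]

RULES = [
    ("*.info;mail.none;authpriv.none;cron.none;auth.*", "/var/log/messages"),  # from the post
    ("authpriv.*", "/var/log/secure"),  # assumed stock Fedora rule, not shown in the post
]

if __name__ == "__main__":
    fac, prio = sftp_log_target("internal-sftp -f AUTH -l VERBOSE")
    print(fac, prio, "->", destinations(RULES, fac, prio))
    print("authpriv info ->", destinations(RULES, "authpriv", "info"))
```

For the posted configuration this reports that auth.info messages match the /var/log/messages rule, while anything sent as authpriv is excluded there and lands only in /var/log/secure.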