Cannot get sftp transfers to log in the systemd journal
John
da_audiophile at yahoo.com
Tue May 10 20:57:13 AEST 2016
> On 05/09/2016 06:10 PM, John wrote:
>
>> I'd like to have sshd write entries into the systemd journal logging
> sftp transfers. From googling, it seems that one needs to edit
> /etc/ssh/sshd_config adding this line:
>>
>> Subsystem sftp /usr/lib/ssh/sftp-server -f AUTH -l VERBOSE
>>
>>
>> I can transfer files via filezilla (sftp) but I don't get anything in
> `journalctl -u sshd` that shows these transfers, just a few lines showing I
> connected. What am I doing wrong? I am using version 7.2p2 on Arch Linux.
> Thanks in advance!
> These logs are logged under different "user" than sshd. It should be
> logged under "sftp-server" process name. It certainly works on
> Fedora/RHEL, unless:
>
> * you are in chroot -- this requires a bit different approach
> * your user is blocked from opening or writing to /dev/log or however
> is syslog configured to accept logs
>
> Note, that using above settings logs under the user logging in and not
> under root so you need appropriate access.
Thank you for the reply. Indeed, I see entries for the entries in my journalctl output under 'sftp-server' if I transfer a file from a normal user on my system. I also setup a chroot-jail but as you mentioned, no logs are written for these. What is the different approach I need to use?
To help, here is the relevant section of my sshd_config:
Match group sshusers
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
PasswordAuthentication yes
ForceCommand internal-sftp
More information about the openssh-unix-dev
mailing list