Logging with ForceCommand and SCP
Oliver Graute
oliver.graute at gmail.com
Wed Mar 15 21:39:13 AEDT 2017
On Wed, Mar 8, 2017 at 11:01 AM, Oliver Graute <oliver.graute at gmail.com> wrote:
> Hello List,
>
> I'am using the ForceCommand in my sshd configuration to log all the user
> actions on my device.
>
> ForceCommand /usr/bin/log-session.sh
>
> The Log Session Script itself is working fine for logging.
>
> But now I want also use SCP to copy files and this won't work together
> with the ForceCommand above.
>
> The copied file is created but its zero byte on the target.
>
> scp file.tar.gz ssh-user at 192.168.1.229:/home/ssh-user/
> Enter passphrase for key '/home/user/.ssh/id_ecdsa':
> C0664 28508 file.tar.gz
>
> -rw-r--r-- 1 ssh-user ssh-user 0 Mar 8 10:52 file.tar.gz
>
> Some ideas whats the reason for this behavior?
>
I solved the scp copy problem by adding this scp case to the
log-session.sh script
# if scp is requested we just forward this command
elif [ "$(echo ${SSH_ORIGINAL_COMMAND} | grep '^scp')" ]
then
echo starting SCP service >> $LOGFILE
echo ======================================== >> $LOGFILE
${SSH_ORIGINAL_COMMAND}
No the copy of files in both directions is fine. But I observe a
strange protocol error
Enter passphrase for key '/home/graute/.ssh/id_ecdsa':
test.log
100% 39 0.0KB/s 00:00
protocol error: expected control record
Best regards,
Oliver
More information about the openssh-unix-dev
mailing list