Aw: Re: Re: Howto log multiple sftpd instances with their chroot shared via NFS
Jochen Bern
Jochen.Bern at binect.de
Wed Sep 29 22:45:10 AEST 2021
On 29.09.21 13:27, Hildegard Meier wrote:
>>> sshd[27049]: Accepted publickey for [REDACTED] from [REDACTED] port 54343 ssh2: RSA SHA256:[REDACTED]
>>> sshd[27049]: pam_unix(sshd:session): session opened for user [REDACTED] by (uid=0)
>>> sshd[27049]: session opened for local user [REDACTED] from [REDACTED] [postauth]
>>> sshd[27049]: sent status No such file [postauth]
>>> sshd[27049]: sent status No such file [postauth]
>>> sshd[27049]: open "[REDACTED]" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
>>> sshd[27049]: close "[REDACTED]" bytes read 0 written 5870358 [postauth]
>>> sshd[27049]: session closed for local user [REDACTED] from [REDACTED] [postauth]
>>> sshd[27049]: pam_unix(sshd:session): session closed for user [REDACTED]
>
> Have all sftp log messages from today the prefix sshd[27049]?
No, the PID changes from login to login (and the master "/usr/sbin/sshd
-D"'s PID does not show up at all).
(Did I say in previous posts that I took this from /var/log/messages ?
Of course *not*, thanks to:
>>> SyslogFacility AUTHPRIV
and CentOS' default syslogd configs, it's all in /var/log/secure .)
> Sorry for this question, but [...]
> You have "ChrootDirectory" set in sshd_config, right?
>
> E.g. I have set
> ChrootDirectory %h
There's a "ChrootDirectory %h" within the "Match group mandanten" block,
yes. I also see the cwd as "/" and the group ownerships as "users" in a
test login (while the GID is named "mandanten" in the *real* /etc/group
), so the chroot() definitely works. I'd be in HUGE trouble if it
didn't. :-3
Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
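
Added example, not part of the original post: because the PID changes from login to login, the `sshd[PID]` prefix is the key for attributing interleaved transfer lines in /var/log/secure to the right login. The Python below groups such lines per login and tolerates a PID being reused by a later login. The sample log, host name, users, addresses and paths are constructed, and it assumes every line of one login carries the same PID, as in the quoted excerpt.

```python
import re

# Constructed sample in the shape of the quoted log lines (not real data).
SAMPLE = """\
Sep 29 13:05:01 sftp1 sshd[27049]: Accepted publickey for alice from 192.0.2.10 port 54343 ssh2: RSA SHA256:EXAMPLE
Sep 29 13:05:01 sftp1 sshd[27049]: session opened for local user alice from [192.0.2.10] [postauth]
Sep 29 13:05:02 sftp1 sshd[27101]: Accepted publickey for bob from 192.0.2.20 port 40112 ssh2: RSA SHA256:EXAMPLE
Sep 29 13:05:02 sftp1 sshd[27049]: open "/in/a.pdf" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
Sep 29 13:05:03 sftp1 sshd[27101]: open "/in/b.pdf" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
Sep 29 13:05:04 sftp1 sshd[27049]: close "/in/a.pdf" bytes read 0 written 5870358 [postauth]
Sep 29 13:05:05 sftp1 sshd[27101]: close "/in/b.pdf" bytes read 0 written 1024 [postauth]
Sep 29 13:05:06 sftp1 sshd[27049]: session closed for local user alice from [192.0.2.10] [postauth]
"""

LINE = re.compile(r"sshd\[(\d+)\]: (.*)")
ACCEPT = re.compile(r"Accepted \S+ for (\S+) from (\S+) port \d+")
CLOSE = re.compile(r'close "(.*)" bytes read (\d+) written (\d+)')


def sessions(text):
    """Return one dict per login, correlating lines by sshd PID."""
    active, result = {}, []
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not an sshd line
        pid, msg = int(m.group(1)), m.group(2)
        a = ACCEPT.match(msg)
        if a:
            # New login. Replacing the entry also covers a PID that the
            # kernel hands out again to a later login.
            active[pid] = {"pid": pid, "user": a.group(1),
                           "src": a.group(2), "files": []}
            result.append(active[pid])
            continue
        s = active.get(pid)
        c = CLOSE.match(msg)
        if s and c:
            # Record path and bytes written for each completed transfer.
            s["files"].append((c.group(1), int(c.group(3))))
    return result


if __name__ == "__main__":
    for s in sessions(SAMPLE):
        for path, written in s["files"]:
            print(f"pid={s['pid']} user={s['user']} src={s['src']} {path} written={written}")
```
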