PATCH: sftp-server logging.

Dan Kaminsky dan at doxpara.com
Mon Mar 18 23:02:50 EST 2002


> sshd does log.
>
> does ls log if executed by apache?

10.0.3.254 - - [17/Mar/2002:15:32:02 -0800] "GET /funny HTTP/1.1" 301 317
"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)"

looks like a listing to me :-)

look.  the logs useful to programmers are not the logs useful to sysadmins,
and just as it'd be rather disrespectful to tell you, the developer, that
you could do *your* job without knowing what the hell the system was doing,
it's just as wrong for you to tell the administrator deploying your code
that he should be able to do his job without a clear and concise view of who
transferred what.

there are of course issues in that users can execute their own sftp-server
processes.  if you push it, that's a really good reason for somebody to
stand up and say "sftp is less secure than ftp".  the solution is an sftp-only
ssh daemon with a locked build of sftp-server that logs to syslog (thus
conveniently avoiding the user-executed/root-logged problem).

i don't think you realize there's an entire class of users that I trust to
get files from me but not to execute code on my server.  sorry markus, i
don't trust you to execute code on my web server :-)  if we are ever to wipe
the scourge of ftp off the face of the net, it's going to take a decent
amount of awareness of what a useful server process requires.

if you *must* have a security justification, fine.  dos attacks are a little
easier to see when you're not getting 3498573985 lines of debug a day
anyway.

--dan
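One way to build the locked, syslog-logging sftp-only daemon the message argues for, as an added example that is not part of the original post: the sshd_config fragment below uses directives that later OpenSSH releases introduced, and the group name sftponly plus the log level and facility are assumptions chosen for the example.

```text
# Added example: an sftp-only configuration for sshd_config that realizes
# the "locked sftp-server that logs to syslog" idea from the message above.
# It uses directives introduced in later OpenSSH releases; the group name
# "sftponly" and the facility/level choices are assumptions for this example.

# Run the SFTP subsystem inside sshd itself (no separate sftp-server binary
# for the user to swap out) and log every session, open and close at INFO.
Subsystem sftp internal-sftp -l INFO -f AUTH

# Users in the sftponly group get file transfer and nothing else.
Match Group sftponly
    # Jail the session; %h is the user's home, which must be root-owned
    # and not group/world-writable or sshd refuses the chroot.
    ChrootDirectory %h
    # Ignore whatever command the client asked for: always run the
    # in-process sftp server, with the same log level.
    ForceCommand internal-sftp -l INFO -f AUTH
    # Close the side channels that would otherwise turn "transfer files"
    # back into "run code on my server".
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    PermitTTY no
```

Because internal-sftp logs through the syslog connection sshd already holds, the session, open and close records (user, client address, path and byte counts) keep arriving from inside the chroot, where a standalone sftp-server binary would need /dev/log bound into the jail before it could log anything.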
