[SOLVED] Can't get SFTP logging to work

GlowingApple · 02-27-2012, 03:33 PM

I'm running an SFTP server (openssh). I want to turn on SFTP logging to troubleshoot some issues. From the sftp-server man page, adding "-l INFO" should provide this:

Quote:

INFO and VERBOSE log transactions that sftp-server performs on behalf of the client.

So I changed my /etc/ssh/sshd_config to read:

Code:

Subsystem       sftp    /usr/libexec/openssh/sftp-server -l INFO -f AUTH

and restarted sshd, but I still see "subsystem request for sftp" as the sole log entry when connecting/cd/get/mget with SFTP. I also tried "-l VERBOSE", but no change.

I have not set up a chroot for SFTP, and I doubt it would be the default for CentOS, so I'm not sure what I'm missing. Any ideas?

kbp · 02-28-2012, 06:06 PM

Were you looking in /var/log/messages? .. it could depend on your syslog config, try using this instead:

Code:

Subsystem       sftp    /usr/libexec/openssh/sftp-server -l INFO -e

.. it will dump the logs onto the console instead of into syslog.

GlowingApple · 03-01-2012, 05:32 PM

Thanks for the response. I had tried that as well, but saw nothing on the console either. I ended up discovering the problem when I tried logging in as a user that normally doesn't use SFTP. I had set the shell for all "SFTP only" users to "/usr/libexec/openssh/sftp-server", and it appears that the options added to the sshd_config file weren't being read. I changed to internal-sftp (with the logging options) in sshd_config and logging is working now.

Thanks for your response though; sorry for not posting a "never mind, figured it out" response sooner!