LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 08-25-2010, 08:13 PM   #1
blither
Member
 
Registered: Dec 2002
Location: Ohio
Distribution: LFS, Ubuntu
Posts: 157

Rep: Reputation: 15
internal-sftp logging sshd


I have been looking into how to get logging on my SSH server. I would like to have logs similar to what normal FTPs would have when you connect and download/upload. But the only logging I have been able to find is either VERBOSE or DEBUG. Both of which seem to give too much information. It would be nice if there was a logging mode that was just commands sent to the server, does anyone know if this exists?
 
Old 08-25-2010, 09:44 PM   #2
quanta
Member
 
Registered: Aug 2007
Location: Vietnam
Distribution: RedHat based, Debian based, Slackware, Gentoo
Posts: 724

Rep: Reputation: 100Reputation: 100
In sshd_config, change this:
Code:
Subsystem	sftp	/usr/libexec/openssh/sftp-server
to:
Code:
Subsystem	sftp	/usr/libexec/openssh/sftp-server -l INFO -f AUTH
Add a line into syslog.conf:
Code:
auth.info						/var/log/sftp.log
Restart sshd, syslog and see it working.
 
Old 08-25-2010, 10:53 PM   #3
blither
Member
 
Registered: Dec 2002
Location: Ohio
Distribution: LFS, Ubuntu
Posts: 157

Original Poster
Rep: Reputation: 15
Code:
auth.info                /var/log/sftp.log
Wouldn't that log all of my auth.info to sftp.log instead of just sftp though?

And you wouldn't happen to know where syslog.conf is located in Ubuntu 9.10 would you?

And I did implant the first part that was what I was looking for thank you. I must have over looked the info logging. verbose just had too much information that was not needed, I guess that is why they call it verbose
 
Old 08-25-2010, 11:24 PM   #4
quanta
Member
 
Registered: Aug 2007
Location: Vietnam
Distribution: RedHat based, Debian based, Slackware, Gentoo
Posts: 724

Rep: Reputation: 100Reputation: 100
Quote:
Originally Posted by blither View Post
Code:
auth.info                /var/log/sftp.log
Wouldn't that log all of my auth.info to sftp.log instead of just sftp though?
Because sftp run over ssh, it will included the info such as: session opened, closed in the log file.
Quote:
Originally Posted by blither View Post
And you wouldn't happen to know where syslog.conf is located in Ubuntu 9.10 would you?
/etc/syslog.conf (not sure).
 
Old 01-12-2011, 07:19 PM   #5
alpha01
Member
 
Registered: Jul 2008
Location: Orange County
Distribution: Ubuntu/Debian, CentOS, RHEL, FreeBSD, OS X
Posts: 75

Rep: Reputation: 19
Quote:
Originally Posted by quanta View Post
In sshd_config, change this:
Code:
Subsystem	sftp	/usr/libexec/openssh/sftp-server
to:
Code:
Subsystem	sftp	/usr/libexec/openssh/sftp-server -l INFO -f AUTH
Add a line into syslog.conf:
Code:
auth.info						/var/log/sftp.log
Restart sshd, syslog and see it working.
I actually implemented an identical solution like this, however this configuration seems to only log the activity when ever root logs into the Linux machine using sftp but not with user accounts whose login shells have been set as /usr/libexec/openssh/sftp-server.

Any idea on why this would be the case?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSHD logging and pubkey certs rwadkins Linux - Newbie 3 02-04-2009 09:13 AM
Is there a point to SSHD and VSFTPD if I only want SFTP? Meson Linux - Server 3 03-11-2008 12:56 AM
SSH / SFTP session logging phatgeezer Linux - Security 2 05-07-2007 10:42 AM
sshd appears not to start sftp-server leontini Linux - Networking 11 01-23-2007 12:51 AM
Concepts/Security types/ Setup: OpenSSH/sshd/ssh/scp/sftp Caud Pong Linux - Security 5 09-23-2004 06:51 AM


All times are GMT -5. The time now is 03:21 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration