SFTP logging for Chroot on CentOS 6.2 with openssh-5.3 not working (internal-sftp)
Hello all, and, thanks in advance for any replies.
I did search for this topic on this forum, and with google. I found some promising information, but, I have not been able to get this to work yet.
I'm hoping for some help getting SFTP logging detail to /var/log/sftp.log, for Chrooted users.
I've been able to get the jailed chroot working, but when I sftp a file, the only logs I see are in the /var/log/secure file, and they only include authentication information, like:
Aug 29 10:07:40 superbadjr sshd: Accepted password for ...
Aug 29 10:07:40 superbadjr sshd: pam_unix(sshd:session): session opened for user...
Aug 29 10:07:40 superbadjr sshd: subsystem request for sftp
Aug 29 10:08:40 superbadjr sshd: pam_unix(sshd:session): session closed for user...
I would like for the sftp.log file to include the open and close log entries, like:
Aug 28 11:26:20 superbadjr internal-sftp: open "/var/ftp/sftproot/wegener/status.txt" flags WRITE,CREATE,TRUNCATE mode 0666
Aug 28 11:26:20 superbadjr internal-sftp: close "/var/ftp/sftproot/wegener/status.txt" bytes read 0 written 293825
Note -- non-chrooted users log to the sftp.log file just fine.
Here's the changes I've made to the /etc/ssh/sshd_config file:
#Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f AUTH
Subsystem sftp internal-sftp -l INFO -f AUTH
Match Group sftponly
Note - the home directory I'm using for the above "%h" is /var/ftp/sftproot
Here's the changes I've made to /etc/rsyslog.conf:
# Create an additional socket for some of the sshd chrooted users:
Note - I did create the /var/ftp/sftproot/dev directory, and, the "log" socket did get created upon restarting the rsyslog service.
If there is any further information I could provide to help, please let me know.
Again, thanks for any replies.
Shouldn't you set up sockets before you configure where you want to log facility / priority pairs to?
|All times are GMT -5. The time now is 01:04 AM.|