Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 05-04-2007, 10:09 AM   #1
LQ Newbie
Registered: Sep 2005
Posts: 2

Rep: Reputation: 0
SSH / SFTP session logging

We are in the process of migrating clients from vsftp (standard FTP) to SFTP to secure their login sessions. (Yes I know vsftp can do SSL if compiled to do so, but we have a client who is only prepared at the moment to do SFTP)

Auth key logins work just fine on the new server, but on our vsftp server we could get a log of every command issued by the client, and every response issued by the console, for troubleshooting. /var/log/secure even in verbose mode only seems to be recording authentications and not the sessions themselves. We need to be able to monitor what outside clients do while they are connected to our server.

Also, vsftp has a filexfer log that shows the status of all file transfers, whether they completed successfully or not. Is there a way to monitor this on SFTP? I know SFTP is basically just cp over an SSH connection, and not true FTP, but I can't be the only person who ever faced this issue.

All of the solutions I have seen seem to be directed at recording the session at the client end. I want a recording of the session on the server.

Anyone have a solution? Thanks!
Old 05-04-2007, 07:15 PM   #2
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599
SSH sets up a remote shell so it should honour the shell set for a user in /etc/passwd. Substituting /bin/bash for say Rootsh (or any equivalent logging shell like Sudosh?) should get you logging. If that's not what you want maybe look at what SELinux or syscall-based logging could provide. As for xfers I don't think anything can provide you with that. You win some, lose some it's still the same to me
The pleasure is to play, it makes no difference what you say
I don't share your greed, the only card I need is
The Ace Of Spades
The Ace Of Spades

//don't take it personal, just had to finish with lyrics given it's friday
Old 05-07-2007, 11:42 AM   #3
LQ Newbie
Registered: Apr 2004
Location: Wackernheim (Germany)
Distribution: RedHat AS 3/4/5
Posts: 24

Rep: Reputation: 15
One way is to setup a little wrapper environment

Like the .profile (or .bash_profile) will start logging what the users doing. Short example:

ownership like
-rw-r--r-- 1 root other 191 May 3 11:59 .bash_profile

start of logging within the .bash_profile like

/usr/bin/script -a /var/log/login.log

Should the users only copy files?
If yes, choose scponly instead of a normal shell

Only short ideas.....

Last edited by haddel; 05-07-2007 at 12:00 PM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh -> perl -> spawn background proces hangs ssh session rhoekstra Programming 2 04-25-2006 02:05 AM
closing SSH session without killing the SFTP transfer on the remote machine stevec Linux - Software 2 04-20-2006 06:13 PM
SFTP and SSH XaViaR Linux - Security 5 07-20-2005 11:18 AM
X Terminal Session Logging phiw1123 Linux - Software 1 04-26-2005 04:15 PM
logging a terminal session Louis_Carole Linux - Newbie 1 11-16-2004 04:28 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:48 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration