One is chroot without any support files, which requires logging through a privileged monitor. When using chroot, there are basically two possibilities. The messages are now logged to /var/log/sftp.log and owing to the presence of '&~' they would be limited to /var/log/sftp.log only. *.info mail.none authpriv.none cron.none /var/log/messages If you'd like to log the sftp transactions in one specific only then edit the /etc/nf file to have the following lines :.Mar 9 09:49:04 localhost sftp-server: lstat name "/root" Mar 9 09:49:02 localhost sftp-server: realpath "." If you want to achieve logging into a different file, you have to configure rsyslog to direct messages into the other file, for example using the log_facility option, in /etc/ssh/sshd_config: Subsystem sftp /usr/libexec/openssh/sftp-server -l VERBOSE -f LOCA元Īnd in /etc/nf: local3.* /var/log/sftp.logĪfter restarting sshd and rsyslog, you will find the following logs in /var/log/sftp.log: Mar 9 09:49:02 localhost sftp-server: received client version 3 Mar 9 09:39:09 localhost sftp-server: lstat name "/root" Mar 9 09:39:07 localhost sftp-server: realpath "." Logging without chroot Single fileīasically, if we don't use chroot, we can rely on the default configuration and the only thing needed is to allow logging from sftp-server by adding command-line arguments to the Subsystem sftp line in /etc/ssh/sshd_config: Subsystem sftp /usr/libexec/openssh/sftp-server -l VERBOSEĪfter restarting sshd and performing sftp session, these lines will appear in /var/log/messages: Mar 9 09:39:07 localhost sftp-server: received client version 3 On the next lines, I would like to elaborate on the possibilities. This was finally solved in RHEL 6 using file descriptor passing and in RHEL 7 this feature is achieved using a privileged monitor. In the past, there were problems with logging user activity in chrooted environment because of missing files to do so. Using sftp to store data on a file server became a popular and secure way.
0 Comments
Leave a Reply. |