[scponly] scponly and sftp-logging patch possible?
Ralf Durkee
rd at rd1.net
Thu Jul 28 10:42:52 EDT 2005
You're going to need to create the appropriate syslog socket for the
chrooted environment such as dev/log, but sounds like you have another
problem since it's not logging in the non-chrooted environment. Are the
other features of the patch such as no chmod no chown working? If they
are, then maybe there's something in the environment like a variable
being required for the logging. There was a recent fix to the patch for
environment variables. You may want to contact the author.
[ from http://sftplogging.sourceforge.net/ ]
June 23, 2005: openssh-4.0p1.sftplogging-v1.4.patch released which
handles null values in environment variables. use this version if you're
compiling on solaris. You may also use it on any other system, if you
wish, although not necessary.
-- Ralf Durkee, CISSP, GSEC, GCIH
Principal Consultant
585-624-9551
http://rd1.net
Mike Kriz wrote:
> I am trying to find a way to provide an SFTP server, but I also need to
> have verbose logging of all file transfers. I have installed the
> sftp-logging patch, and it works great, but only if the user’s shell is
> set to bash (or other system shells). I would like to have these users
> ideally chrooted with scponly as the shell, but still have the verbose
> logs of all file transfers.
>
>
>
> I am able to get a working chroot environment with scponlyc, however the
> only log entries I get are logins and logouts. I thought it might be an
> issue with having a chroot, but I also get no logging with the non
> chrooted version of scponly. Anyone have any ideas?
>
> I am running Gentoo Linux on x86. My sshd_config sftp-logging section:
>
>
>
> LogSftp yes
>
> SftpLogfacility AUTH
>
> SftpLogLevel VERBOSE
>
> SftpUmask 022
>
> SftpPermitChmod no
>
> SftpPermitChown no
>
>
> *Mike Kriz*
> Systems Engineer
> Infocision Management - Enterprise Systems
More information about the scponly
mailing list