[scponly] scponly and sftp-logging patch possible?

Kaleb Pederson kpederson at mail.ewu.edu
Thu Jul 28 18:46:25 EDT 2005


There are all sorts of things that could be affecting it.  I took a look 
briefly at the sftp logging patch, and it doesn't look like there is anything 
there that wouldn't work with scponly if the chroot is set up correctly.

I would suggest you run strace on the server against the ssh process that is 
connecting.  You can then tell exactly which system calls are failing (with 
respect to logging) and should be able to figure out what's going on.

I usually use something like this [ in this sequence ]:

# from the client
$ sftp username at hostname
[prompts for password ... I don't enter it yet]

# from the server
$ ps -Af | grep -i username
root     10206 16786  0 15:41 ?        00:00:00 sshd: username [priv]
sshd     10207 10206  0 15:41 ?        00:00:00 sshd: username [net]
root     10215 18650  0 15:42 pts/2    00:00:00 grep -i username

# still on server, now knowing PIDs
$ strace -o sftp.log -f -ff -p 10206
# make sure you substitute the right PID above

# from the client
[ finish entering password ]
[ execute sftp command you want logged ]
[ quit]

Now, you can take a look at sftp.log and find out what's going on.  There will 
be several sftp.log.<PID> files created.  You'll be interested in the one 
that exec's the scponly process.

I think that's about it.  Let us know what you find.

Hope it helps.

--Kaleb


On Thursday 28 July 2005 8:18 am, Mike Kriz wrote:
> I updated openssh and the patch, I am now running openssh version 4.1,
> and the newest sftp-logging patch.  I have the same symptoms, however.
>
> I just tested chmod, and it seems permission is denied regardless of the
> setting specified in sshd_config.  Which is OK, but not sure what it
> proves...
>
> As for the socket, I did originally create a dev/log socket and add it
> manually to syslog-ng.  However when it did not work without chrooting
> either, I determined that wasn't the issue as you mentioned.
>
> I contacted the author of the sftp-logging patch, but unfortunately have
> not heard from him.
>
> Since I do have it working with bash and other shells, I really believe
> it to be some sort of scponly configuration issue.  However, there seems
> to be no config options for scponly, other than the debuglevel?
>
> Any other advice?  Thanks!
>
>
> -----Original Message-----
> From: Ralf Durkee [mailto:rd at rd1.net]
> Sent: Thursday, July 28, 2005 10:43 AM
> To: Mike Kriz
> Cc: scponly at lists.ccs.neu.edu
> Subject: Re: [scponly] scponly and sftp-logging patch possible?
>
> You're going to need to create the appropriate syslog socket for the
> chrooted environment such as dev/log, but sounds like you have another
> problem since it's not logging in the non-chrooted environment.  Are the
> other features of the patch such as no chmod no chown working? If they
> are, then maybe there's something in the environment like a variable
> being required for the logging. There was a recent fix to the patch for
> environment variables. You may want to contact the author.
>
> [ from http://sftplogging.sourceforge.net/ ]
> June 23, 2005: openssh-4.0p1.sftplogging-v1.4.patch released which
> handles null values in environment variables. use this version if you're
> compiling on solaris. You may also use it on any other system, if you
> wish, although not necessary.
>
>
> -- Ralf Durkee, CISSP, GSEC, GCIH
> Principal Consultant
> 585-624-9551
> http://rd1.net
>
> Mike Kriz wrote:
> > I am trying to find a way to provide an SFTP server, but I also need
> > to have verbose logging of all file transfers.  I have installed the
> > sftp-logging patch, and it works great, but only if the user's shell
> > is set to bash (or other system shells).  I would like to have these
> > users ideally chrooted with scponly as the shell, but still have the
> > verbose logs of all file transfers.
> >
> > I am able to get a working chroot environment with scponlyc, however
> > the only log entries I get are logins and logouts.  I thought it might
> > be an issue with having a chroot, but I also get no logging with the
> > non-chrooted version of scponly.  Anyone have any ideas?
> >
> > I am running Gentoo Linux on x86.  My sshd_config sftp-logging
> > section:
> > LogSftp yes
> > SftpLogfacility AUTH
> > SftpLogLevel VERBOSE
> > SftpUmask 022
> > SftpPermitChmod no
> > SftpPermitChown no
> >
> > *Mike Kriz*
> > Systems Engineer
> > Infocision Management - Enterprise Systems
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
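The triage step Kaleb describes above (look through the sftp.log.<PID> files for the one that execs scponly and check which syslog-related calls fail), as an added example that is not part of the original thread or of the scponly project. The two trace files it writes are constructed to look like strace -ff output; the PIDs, paths and the scponlyc/sftp-server call sequence are assumptions for illustration, not a captured session.

```sh
#!/bin/sh
# Added example, not from the post: triage the per-PID files written by
# "strace -o sftp.log -f -ff -p <sshd pid>".  The trace lines below are
# constructed, not captured; PIDs and paths are assumptions.

# Write two constructed trace files into the directory given as $1.
make_sample_logs() {
  dir=$1
  mkdir -p "$dir"
  # The privileged sshd (the PID strace was attached to): it only forks
  # the per-session child and waits for it, so it never execs scponly.
  cat > "$dir/sftp.log.10206" <<'EOF'
read(7, "\0\0\0\1", 4) = 4
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7d0e708) = 10230
wait4(10230, 0xbfb0a1c0, 0, NULL) = 10230
EOF
  # The session child: execs scponlyc, which syslogs once while /dev/log
  # is still reachable, chroots, then execs sftp-server, whose syslog
  # connect fails because the chroot has no dev/log socket.
  cat > "$dir/sftp.log.10230" <<'EOF'
execve("/usr/bin/scponlyc", ["scponlyc", "-c", "/usr/lib/misc/sftp-server"], [/* 12 vars */]) = 0
socket(PF_FILE, SOCK_DGRAM, 0) = 3
connect(3, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
send(3, "<38>Jul 28 15:42:10 scponly[10230]: running: /usr/lib/misc/sftp-server", 72, MSG_NOSIGNAL) = 72
close(3) = 0
chroot("/home/username") = 0
chdir("/") = 0
setgid(1001) = 0
setuid(1001) = 0
execve("/usr/lib/misc/sftp-server", ["/usr/lib/misc/sftp-server"], [/* 12 vars */]) = 0
socket(PF_FILE, SOCK_DGRAM, 0) = 4
connect(4, {sa_family=AF_FILE, path="/dev/log"}, 110) = -1 ENOENT (No such file or directory)
close(4) = 0
EOF
}

# Print the trace file of the process that exec'd scponly or scponlyc.
find_scponly_trace() {
  grep -l 'execve("[^"]*scponly' "$1"/sftp.log.*
}

# Count failed syscalls on the syslog socket in one trace file; strace
# prints "= -1 ERRNO" for a failure.  Prints 0 (not an error) if none.
count_failed_syslog_calls() {
  grep -cE 'path="[^"]*/dev/log".*\) = -1 ' "$1" || true
}

# Print the failing lines so the errno is visible (ENOENT here means the
# chroot is missing its dev/log socket).
show_failed_syslog_calls() {
  grep -E 'path="[^"]*/dev/log".*\) = -1 ' "$1" || true
}

# Stand-alone run against the constructed sample.
d=$(mktemp -d)
make_sample_logs "$d"
f=$(find_scponly_trace "$d")
echo "scponly exec'd in: $f"
echo "failed /dev/log calls in that trace: $(count_failed_syslog_calls "$f")"
show_failed_syslog_calls "$f"
rm -rf "$d"
```

On a real capture, point find_scponly_trace at the directory holding the sftp.log.<PID> files; a successful connect() before chroot() followed by a failing one after it is the pattern that points at the chroot's missing dev/log rather than at the patch itself.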