[scponly] scponlyc logging

Stuart VanZee StuartV at datalinesys.com
Tue Aug 5 14:58:56 EDT 2008


Well... That did it.  Thank you very much.

Looking in the man page for syslogd it says:

     -a path
             Specify a location where syslogd should place an additional log
             socket.  Up to about 20 additional logging sockets can be
             specified.  The primary use for this is to place additional log
             sockets in /dev/log of various chroot filespaces.

Do you have any idea what the "Up to about 20" is all about?  I will
eventually (probably sooner than later) have to support much more than
20 accounts that are able to sftp (and be chrooted) on this box. Do you
know if there is a way of getting around this limit or if this limit is
a hard limit or not?

Thank you again

s


> From: Kaleb Pederson [mailto:kaleb.pederson at gmail.com]
> Subject: Re: [scponly] scponlyc logging
> 
> 
> Do you have a /dev/log device or have your logging daemon set up to
> listen on a socket within the chroot?
> 
> Typically, you'll pass an extra parameter to syslogd, such as '-a
> /path/to/chroot/path/to/socket' in order for the device to be found.
> 
> Are the arguments that you have the sftp-server subsystem configured
> to use being passed in? (see the scponly logs)
> 
> Also, using DEBUG3 is not the best way to go about getting logging
> information out of the sftp-server.  You should see the sftp-logging
> patch (if you're on an older version of ssh) or the sftp-filecontrol
> patch (for newer versions).  These versions will log the correct
> amount of information in the appropriate way.
> 
> Let us know how it goes.
> 
> --Kaleb
> 
> On Tue, Aug 5, 2008 at 6:07 AM, Stuart VanZee 
> <StuartV at datalinesys.com> wrote:
> >
> > Hello,
> >
> > I have been trying to get logging working for scponlyc.
> >
> > There is a requirement that all file transfers and deletes be
> > logged for a project that I am working on.  There is also a
> > requirement that all clients be chrooted into their own home
> > folders.  I have been able to get logging working using straight
> > sftp w/out scponly, but when I use an scponlyc account on the
> > same box I do not get any logging.
> >
> > Here is what I have.
> >
> > /usr/local/etc/scponly/debuglevel  contains a 2
> >
> > /etc/ssh/sshd_config contains the following pertinent settings:
> >
> > SyslogFacility AUTH
> > LogLevel DEBUG3
> >
> > and the Subsystem line:
> >
> > Subsystem       sftp    /usr/libexec/sftp-server -f AUTH -l DEBUG3
> >
> > I think I have all the proper files in the chroot.  I have run ldd
> > on everything and it all seems to be there.
> >
> > The system is OpenBSD 4.3 and scponly 4.8
> >
> > Please let me know if there is any more info you need or if you have
> > any idea how to get this going.  My PHB is getting pretty annoyed
> > that I haven't gotten it up and running yet.
> >
> > Stuart van Zee
> > stuartv at datalinesys.com
> >
> > PHB=Pointy Haired Boss
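
The per-chroot socket setup discussed in this thread, as an added example that is not part of the original messages or of scponly: it builds the syslogd `-a` flags for a list of chroots and reports any chroot with no log socket, where transfers would go unlogged. The function names are hypothetical, the limit of 20 is the figure from the man page excerpt quoted above, and the socket is assumed to live at `<chroot>/dev/log`.

```shell
#!/bin/sh
# Added example: plan and audit syslogd "-a" sockets for chrooted accounts.
# MAX_EXTRA_SOCKETS is the "about 20" figure from the man page excerpt above.
MAX_EXTRA_SOCKETS=20

# build_syslogd_flags CHROOT...
# Prints "-a <chroot>/dev/log" for every chroot, space separated.
# Returns 2 when more chroots are given than the documented limit,
# and 1 when a chroot has no dev directory to hold the socket.
# Assumes chroot paths contain no whitespace.
build_syslogd_flags() {
    if [ "$#" -gt "$MAX_EXTRA_SOCKETS" ]; then
        echo "error: $# chroots exceed $MAX_EXTRA_SOCKETS additional sockets" >&2
        return 2
    fi
    flags=""
    for root in "$@"; do
        if [ ! -d "$root/dev" ]; then
            echo "error: $root/dev is missing, the socket cannot be created" >&2
            return 1
        fi
        flags="${flags:+$flags }-a $root/dev/log"
    done
    printf '%s\n' "$flags"
}

# missing_log_sockets CHROOT...
# Prints every chroot whose dev/log is not a socket. Activity inside those
# chroots never reaches syslogd, so nothing from them is logged.
missing_log_sockets() {
    for root in "$@"; do
        [ -S "$root/dev/log" ] || printf '%s\n' "$root"
    done
}

# Demo on constructed directories (not real accounts).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/alice/dev" "$demo_root/bob/dev"
build_syslogd_flags "$demo_root/alice" "$demo_root/bob"
# syslogd has not been started with these flags, so both chroots are reported.
missing_log_sockets "$demo_root/alice" "$demo_root/bob"
rm -rf "$demo_root"
```

Running `missing_log_sockets` again after syslogd has been restarted with the generated flags should print nothing.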