[scponly] Intermittently working sftp - work-around fix

Whit Blauvelt whit at transpect.com
Mon Jun 15 16:36:36 EDT 2009


On Mon, Jun 15, 2009 at 01:18:51PM -0700, Kaleb Pederson wrote:

> If you only need chrooted sftp functionality, I'd recommend the
> built-in OpenSSH approach.

I have found another small advantage to scponly with sftp-internal. Logging
works more easily. With 

  Subsystem     sftp   internal-sftp -l VERBOSE

in sshd_config the file transfers get logged when working through scponly
without further action. Using the built-in OpenSSH match approach they don't
unless additional steps are taken - including evidently adding a /dev
directory for each sftp user and adding a flag to the SYSLOGD variable in
/etc/default/syslogd (if Debian) to have it collect the log also from there.
Even that doesn't work before OpenSSH 5.2 (while 5.1 logs fine as above).
See
http://www.debian-administration.org/article/OpenSSH_logging_with_ChrootDirectory
and comments. 

I tried that syslog dev trick with scponly without internal-sftp, btw, and
it was not the solution to the problem I was having.

> I've considered it for a while and cannot come up with any reasonable
> reasons why scponly would break in your scenario. I don't believe I've
> changed anything in scponly that would change the behavior you're
> experiencing, you're welcome to try the current CVS to see if it works
> for you.
> 
> Please let me know if you do.

Appreciate your consideration. Since I only at present need sftp - which
works with internal-sftp set by either method - I won't be testing further
just now. I'm guessing it's either OpenSSH changes or Debian/Ubuntu changes
at work.

Best,
Whit
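
Added example, not part of the original message or of scponly/OpenSSH: once the `-l VERBOSE` transfer logging described above reaches syslog, a short script can attribute each completed transfer to a user and client address. The log lines are constructed samples modelled on the OpenSSH sftp server's VERBOSE output, and the `transfers` function name is hypothetical.

```python
import re

# Constructed sample lines, modelled on what OpenSSH's sftp server writes to
# syslog at VERBOSE level; host, users, paths and addresses are made up.
SAMPLE_LOG = """\
Jun 15 16:30:01 host1 internal-sftp[4021]: session opened for local user alice from [192.0.2.10]
Jun 15 16:30:02 host1 internal-sftp[4021]: open "/incoming/report.pdf" flags WRITE,CREATE,TRUNCATE mode 0644
Jun 15 16:30:02 host1 internal-sftp[4077]: session opened for local user bob from [192.0.2.20]
Jun 15 16:30:03 host1 internal-sftp[4021]: close "/incoming/report.pdf" bytes read 0 written 48213
Jun 15 16:30:04 host1 internal-sftp[4077]: open "/outgoing/data.csv" flags READ mode 0666
Jun 15 16:30:05 host1 internal-sftp[4077]: close "/outgoing/data.csv" bytes read 1024 written 0
Jun 15 16:30:06 host1 internal-sftp[4021]: session closed for local user alice from [192.0.2.10]
Jun 15 16:30:07 host1 sshd[4100]: Accepted publickey for carol from 192.0.2.30 port 50222 ssh2
"""

# Syslog prefix; the tag may differ by OpenSSH version, so accept the likely ones.
LINE = re.compile(r'^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ '
                  r'(?:internal-sftp|sftp-server|sshd)\[(?P<pid>\d+)\]: (?P<msg>.*)$')
OPENED = re.compile(r'^session opened for local user (\S+) from \[([^\]]+)\]$')
CLOSED = re.compile(r'^session closed for local user ')
CLOSE_FILE = re.compile(r'^close "(.*)" bytes read (\d+) written (\d+)$')

def transfers(log_text):
    """Return one dict per completed file transfer, attributed to user and client."""
    sessions = {}  # pid -> (user, client address), filled from "session opened"
    found = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if (o := OPENED.match(msg)):
            sessions[pid] = (o[1], o[2])
        elif CLOSED.match(msg):
            sessions.pop(pid, None)
        elif (c := CLOSE_FILE.match(msg)):
            # No known session means the session start never reached this log.
            user, addr = sessions.get(pid, ("unknown", "unknown"))
            rd, wr = int(c[2]), int(c[3])
            found.append({"time": m["ts"], "user": user, "from": addr, "path": c[1],
                          "direction": "upload" if wr else "download",
                          "bytes": wr or rd})
    return found

if __name__ == "__main__":
    for t in transfers(SAMPLE_LOG):
        print(t)
```

Transfers reported with user "unknown" indicate that the session-open line was not collected, which is the symptom to look for when the chroot has no log socket.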


