[scponly] SCP not logging - RH/AS3

Thu May 4 11:30:29 EDT 2006

Bradford,

Scponly only logs the command that gets executed on the remote server end, 
which don't usually show you all of what is going on.

For example, if I do:

scp myfile user at remotehost:

Then the command that gets issued on the remote host is: 'scp -t .'

If I issue:

scp myfile user at remotehost:outfile

Then the command issued on the remote host is: 'scp -t outfile'

If I issue:

scp myfile1 myfile2 user at remotehost:

Then the command issued on the remote host is: 'scp -d -t .'

That's the general idea behind what scponly allows.  If you want better 
logging, you should probably try something like the sftplogging patch which 
is available here:

http://sftplogging.sourceforge.net/

However, I don't believe that works with scp.  There is no reason, however, 
that scp couldn't be patched to log this type of information -- but I'm not 
aware of any attempts to do so.

I would suggest the sftplogging patch and limit transfers to sftp only.

--Kaleb

On Thursday 04 May 2006 7:39 am, Bradford Deeley wrote:
> I finally got SCP to work (I'm xfering files via cli from another *nix
> box)
>
>
>
> But - The whole point of using scponly was to get file transaction
> logging, which I am not seeing.
>
>
>
> I keep scp'ing a file called 'sun.jpg' - and I never see it in the logs.
>
>
>
> I have debug @ 1 - here is what I see :
>
>
>
>
>
> ##########3333#####May  3 16:07:51 erpstgapp1-dc-aus sshd[32228]:
> Accepted passw
>
> ord for scptest from 192.168.64.201 port 1023 ssh2
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: 3 arguments in total.
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: ^Iarg 0 is scponly
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: ^Iarg 1 is -c
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: ^Iarg 2 is scp -t .
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: opened log at
> LOG_AUTHPRIV, op
>
> ts 0x00000009
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: retrieved home
> directory of "/
>
> home/scptest" for user "scptest"
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: setting uid to 2011
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: processing request:
> "scp -t ."
>
>
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Found "USER" and
> setting it to
>
>  "scptest"
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
> "SFTP_UMASK" in
>
>  the environment
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
> "SFTP_PERMIT_CH
>
> MOD" in the environment
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
> "SFTP_PERMIT_CH
>
> OWN" in the environment
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
> "SFTP_LOG_LEVEL
>
> " in the environment
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
> "SFTP_LOG_FACIL
>
> ITY" in the environment
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Environment contains
> "USER=scp
>
> test"
>
> May  3 16:07:51 erpstgapp1-dc-aus scponly[32234]: running: /usr/bin/scp
> -t . (us
>
> ername: scptest(2011), IP/port: 192.168.64.201 1023 22)
>
>
>
> Notice: This transmission is for the sole use of the intended recipient(s)
> and may contain information that is confidential and/or privileged.  If you
> are not the intended recipient, please delete this transmission and any
> attachments and notify the sender by return email immediately.  Any
> unauthorized review, use, disclosure or distribution is prohibited.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20060504/aa8e2dd4/attachment.bin