[scponly] RE: scponly Digest, Vol 41, Issue 1
Bradford Deeley
bradford.deeley at activant.com
Thu May 4 12:03:31 EDT 2006
Cool - So I guess it impossible to log file xfers w/ scp then.
-----Original Message-----
From: scponly-bounces at lists.ccs.neu.edu
[mailto:scponly-bounces at lists.ccs.neu.edu] On Behalf Of
scponly-request at lists.ccs.neu.edu
Sent: Thursday, May 04, 2006 11:01 AM
To: scponly at lists.ccs.neu.edu
Subject: scponly Digest, Vol 41, Issue 1
Send scponly mailing list submissions to
scponly at lists.ccs.neu.edu
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ccs.neu.edu/bin/listinfo/scponly
or, via email, send a message with subject or body 'help' to
scponly-request at lists.ccs.neu.edu
You can reach the person managing the list at
scponly-owner at lists.ccs.neu.edu
When replying, please edit your Subject line so it is more specific
than "Re: Contents of scponly digest..."
Today's Topics:
1. SCP not logging - RH/AS3 (Bradford Deeley)
2. Re: SCP not logging - RH/AS3 (Kaleb Pederson)
----------------------------------------------------------------------
Message: 1
Date: Thu, 4 May 2006 09:39:44 -0500
From: "Bradford Deeley" <bradford.deeley at activant.com>
Subject: [scponly] SCP not logging - RH/AS3
To: <scponly at lists.ccs.neu.edu>
Message-ID:
<299BB96A55483844A39E997E61C050250236E900 at exch3-dc-aus.northamerica.corp
orate-domain.net>
Content-Type: text/plain; charset="us-ascii"
I finally got SCP to work (I'm xfering files via cli from another *nix
box)
But - The whole point of using scponly was to get file transaction
logging, which I am not seeing.
I keep scp'ing a file called 'sun.jpg' - and I never see it in the logs.
I have debug @ 1 - here is what I see :
##########3333#####May 3 16:07:51 erpstgapp1-dc-aus sshd[32228]:
Accepted passw
ord for scptest from 192.168.64.201 port 1023 ssh2
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: 3 arguments in total.
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: ^Iarg 0 is scponly
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: ^Iarg 1 is -c
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: ^Iarg 2 is scp -t .
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: opened log at
LOG_AUTHPRIV, op
ts 0x00000009
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: retrieved home
directory of "/
home/scptest" for user "scptest"
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: setting uid to 2011
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: processing request:
"scp -t ."
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Found "USER" and
setting it to
"scptest"
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
"SFTP_UMASK" in
the environment
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
"SFTP_PERMIT_CH
MOD" in the environment
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
"SFTP_PERMIT_CH
OWN" in the environment
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
"SFTP_LOG_LEVEL
" in the environment
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
"SFTP_LOG_FACIL
ITY" in the environment
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Environment contains
"USER=scp
test"
May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: running: /usr/bin/scp
-t . (us
ername: scptest(2011), IP/port: 192.168.64.201 1023 22)
Notice: This transmission is for the sole use of the intended
recipient(s) and may contain information that is confidential and/or
privileged. If you are not the intended recipient, please delete this
transmission and any attachments and notify the sender by return email
immediately. Any unauthorized review, use, disclosure or distribution
is prohibited.
-------------- next part --------------
HTML attachment scrubbed and removed
------------------------------
Message: 2
Date: Thu, 04 May 2006 08:30:29 -0700
From: Kaleb Pederson <kpederson at mail.ewu.edu>
Subject: Re: [scponly] SCP not logging - RH/AS3
To: scponly at lists.ccs.neu.edu
Message-ID: <200605040830.32554.kpederson at mail.ewu.edu>
Content-Type: text/plain; charset="utf-8"
Bradford,
Scponly only logs the command that gets executed on the remote server
end,
which don't usually show you all of what is going on.
For example, if I do:
scp myfile user at remotehost:
Then the command that gets issued on the remote host is: 'scp -t .'
If I issue:
scp myfile user at remotehost:outfile
Then the command issued on the remote host is: 'scp -t outfile'
If I issue:
scp myfile1 myfile2 user at remotehost:
Then the command issued on the remote host is: 'scp -d -t .'
That's the general idea behind what scponly allows. If you want better
logging, you should probably try something like the sftplogging patch
which
is available here:
http://sftplogging.sourceforge.net/
However, I don't believe that works with scp. There is no reason,
however,
that scp couldn't be patched to log this type of information -- but I'm
not
aware of any attempts to do so.
I would suggest the sftplogging patch and limit transfers to sftp only.
--Kaleb
On Thursday 04 May 2006 7:39 am, Bradford Deeley wrote:
> I finally got SCP to work (I'm xfering files via cli from another *nix
> box)
>
>
>
> But - The whole point of using scponly was to get file transaction
> logging, which I am not seeing.
>
>
>
> I keep scp'ing a file called 'sun.jpg' - and I never see it in the
logs.
>
>
>
> I have debug @ 1 - here is what I see :
>
>
>
>
>
> ##########3333#####May 3 16:07:51 erpstgapp1-dc-aus sshd[32228]:
> Accepted passw
>
> ord for scptest from 192.168.64.201 port 1023 ssh2
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: 3 arguments in
total.
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: ^Iarg 0 is scponly
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: ^Iarg 1 is -c
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: ^Iarg 2 is scp -t .
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: opened log at
> LOG_AUTHPRIV, op
>
> ts 0x00000009
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: retrieved home
> directory of "/
>
> home/scptest" for user "scptest"
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: setting uid to 2011
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: processing request:
> "scp -t ."
>
>
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Found "USER" and
> setting it to
>
> "scptest"
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
> "SFTP_UMASK" in
>
> the environment
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
> "SFTP_PERMIT_CH
>
> MOD" in the environment
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
> "SFTP_PERMIT_CH
>
> OWN" in the environment
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
> "SFTP_LOG_LEVEL
>
> " in the environment
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Unable to find
> "SFTP_LOG_FACIL
>
> ITY" in the environment
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: Environment contains
> "USER=scp
>
> test"
>
> May 3 16:07:51 erpstgapp1-dc-aus scponly[32234]: running:
/usr/bin/scp
> -t . (us
>
> ername: scptest(2011), IP/port: 192.168.64.201 1023 22)
>
>
>
> Notice: This transmission is for the sole use of the intended
recipient(s)
> and may contain information that is confidential and/or privileged.
If you
> are not the intended recipient, please delete this transmission and
any
> attachments and notify the sender by return email immediately. Any
> unauthorized review, use, disclosure or distribution is prohibited.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url :
https://lists.ccs.neu.edu/pipermail/scponly/attachments/20060504/aa8e2dd
4/attachment-0001.bin
------------------------------
_______________________________________________
scponly mailing list
scponly at lists.ccs.neu.edu
https://lists.ccs.neu.edu/bin/listinfo/scponly
End of scponly Digest, Vol 41, Issue 1
**************************************
Notice: This transmission is for the sole use of the intended recipient(s) and may contain information that is confidential and/or privileged. If you are not the intended recipient, please delete this transmission and any attachments and notify the sender by return email immediately. Any unauthorized review, use, disclosure or distribution is prohibited.
More information about the scponly
mailing list