Gentoo Forums
SFTP Access Logging
sjcarr
n00b


Joined: 06 Jun 2005
Posts: 47

Posted: Sat Jan 05, 2008 1:05 pm    Post subject: SFTP Access Logging

Just a quick one really, does anyone know how you can make SFTP log a bit more detail about who is connecting from where etc.

At the moment the logs show:
Code:
Jan  5 13:01:14 src@host sshd[18518]: Accepted password for root from 172.16.0.42 port 52065 ssh2
Jan  5 13:01:14 src@host sshd[18518]: subsystem request for sftp
Jan  5 13:01:16 src@host sshd[18518]: Received disconnect from 172.16.0.42: 11: Closed due to user request.
Jan  5 13:01:18 src@host sshd[18521]: Accepted publickey for sjcarr from 172.16.0.42 port 52066 ssh2
Jan  5 13:01:18 src@host sshd[18523]: subsystem request for sftp
Jan  5 13:01:19 src@host sshd[18523]: Received disconnect from 172.16.0.42: 11: Closed due to user request.


Is it possible for the line which states:
Code:
subsystem request for sftp

To instead say something like:
Code:
subsystem request for sftp for user@host/ip using software XYZ


Any thoughts?
Dagger
Retired Dev


Joined: 11 Jun 2003
Posts: 765
Location: UK

Posted: Sat Jan 05, 2008 2:30 pm    Post subject:

Unless you want to hack SSH by yourself, I wouldn't expect that. You've got information about the user and his source IP in the line above.

You can make yourself a simple log parser which would read your logs and create an output you want with USER@IP, but that's it.
_________________
95% of all computer errors occur between chair and keyboard (TM)
Join the FSF as an Associate Member!
Post under CC license.
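
A log parser of the kind suggested in the post above, as an added example that is not part of the original thread. It pairs each "subsystem request for sftp" line with the login it follows; the function name and the fallback rule are assumptions of this example. In the quoted log the sjcarr login and its sftp request carry different sshd PIDs, so matching on PID alone is not enough.

```python
import re

# The six syslog lines quoted in the first post of this thread.
SAMPLE_LOG = """\
Jan  5 13:01:14 src@host sshd[18518]: Accepted password for root from 172.16.0.42 port 52065 ssh2
Jan  5 13:01:14 src@host sshd[18518]: subsystem request for sftp
Jan  5 13:01:16 src@host sshd[18518]: Received disconnect from 172.16.0.42: 11: Closed due to user request.
Jan  5 13:01:18 src@host sshd[18521]: Accepted publickey for sjcarr from 172.16.0.42 port 52066 ssh2
Jan  5 13:01:18 src@host sshd[18523]: subsystem request for sftp
Jan  5 13:01:19 src@host sshd[18523]: Received disconnect from 172.16.0.42: 11: Closed due to user request.
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPT = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")


def sftp_sessions(log_text):
    """Return one record per 'subsystem request for sftp' line, with the login it follows."""
    by_pid = {}    # sshd PID -> login accepted by that process
    pending = []   # accepted logins not yet tied to an sftp request, oldest first
    sessions = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        accepted = ACCEPT.match(m["msg"])
        if accepted:
            login = accepted.groupdict()
            by_pid[m["pid"]] = login
            pending.append(login)
        elif m["msg"] == "subsystem request for sftp":
            login, how = by_pid.get(m["pid"]), "pid"
            if login is None and pending:
                # Assumption: the request was logged under a different sshd PID than
                # the login (the sjcarr session above), so take the latest unmatched login.
                login, how = pending[-1], "nearest-login"
            if login is None:
                login, how = {"user": None, "ip": None, "method": None}, "unmatched"
            elif login in pending:
                pending.remove(login)
            sessions.append({"ts": m["ts"], "sftp_pid": m["pid"], "matched_by": how, **login})
    return sessions


if __name__ == "__main__":
    for s in sftp_sessions(SAMPLE_LOG):
        print(f'{s["ts"]} sftp for {s["user"]}@{s["ip"]} via {s["method"]} '
              f'(sshd[{s["sftp_pid"]}], matched by {s["matched_by"]})')
```

Records marked "nearest-login" are a best guess: with several logins arriving at once the fallback can attribute a request to the wrong user, so treat them as lower confidence than PID matches.
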
D-Code
n00b


Joined: 03 Feb 2006
Posts: 3
Location: Stockholm

Posted: Mon Jan 07, 2008 7:34 pm    Post subject:

SSHD can only log so much, but it is possible to make sftp-server log session activity.

Open the file /etc/ssh/sshd_config for editing.

Look for the line that says:
Code:
Subsystem sftp /usr/lib/misc/sftp-server

Change that line to say:
Code:
Subsystem sftp /usr/lib/misc/sftp-server -l INFO -f USER

Then reload/restart sshd to apply the changes.