I'd like to have sshd write entries into the systemd journal logging sftp transfers. From googling, it seems that one needs to edit /etc/ssh/sshd_config adding this line: Subsystem sftp /usr/lib/ssh/sftp-server -f AUTH -l VERBOSE I can transfer files via filezilla (sftp) but I don't get anything in `journalctl -u sshd` that shows these transfers, just a few lines showing I connected. What am I doing wrong? I am using version 7.2p2 on Arch Linux. Thanks in advance!
On 05/09/2016 06:10 PM, John wrote:> I'd like to have sshd write entries into the systemd journal logging sftp transfers. From googling, it seems that one needs to edit /etc/ssh/sshd_config adding this line: > > Subsystem sftp /usr/lib/ssh/sftp-server -f AUTH -l VERBOSE > > > I can transfer files via filezilla (sftp) but I don't get anything in `journalctl -u sshd` that shows these transfers, just a few lines showing I connected. What am I doing wrong? I am using version 7.2p2 on Arch Linux. Thanks in advance!These logs are logged under different "user" than sshd. It should be logged under "sftp-server" process name. It certainly works on Fedora/RHEL, unless: * you are in chroot -- this requires a bit different approach * your user is blocked from opening or writing to /dev/log or however is syslog configured to accept logs Note, that using above settings logs under the user logging in and not under root so you need appropriate access. Regards, -- Jakub Jelen Associate Software Engineer Security Technologies Red Hat
Darren Tucker
2016-May-10 08:58 UTC
Cannot get sftp transfers to log in the systemd journal
Maybe try the internal-sftp subsystem instead of sftp? That runs inside sshd which has provisions for syslogging from inside a chroot (instead of as a separate executable). On May 9, 2016 18:11, "John" <da_audiophile at yahoo.com> wrote:> I'd like to have sshd write entries into the systemd journal logging sftp > transfers. From googling, it seems that one needs to edit > /etc/ssh/sshd_config adding this line: > > Subsystem sftp /usr/lib/ssh/sftp-server -f AUTH -l VERBOSE > > > I can transfer files via filezilla (sftp) but I don't get anything in > `journalctl -u sshd` that shows these transfers, just a few lines showing I > connected. What am I doing wrong? I am using version 7.2p2 on Arch > Linux. Thanks in advance! > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >
> On 05/09/2016 06:10 PM, John wrote:> >> I'd like to have sshd write entries into the systemd journal logging > sftp transfers. From googling, it seems that one needs to edit > /etc/ssh/sshd_config adding this line: >> >> Subsystem sftp /usr/lib/ssh/sftp-server -f AUTH -l VERBOSE >> >> >> I can transfer files via filezilla (sftp) but I don't get anything in > `journalctl -u sshd` that shows these transfers, just a few lines showing I > connected. What am I doing wrong? I am using version 7.2p2 on Arch Linux. > Thanks in advance! > These logs are logged under different "user" than sshd. It should be > logged under "sftp-server" process name. It certainly works on > Fedora/RHEL, unless: > > * you are in chroot -- this requires a bit different approach > * your user is blocked from opening or writing to /dev/log or however > is syslog configured to accept logs > > Note, that using above settings logs under the user logging in and not > under root so you need appropriate access.Thank you for the reply. Indeed, I see entries for the entries in my journalctl output under 'sftp-server' if I transfer a file from a normal user on my system. I also setup a chroot-jail but as you mentioned, no logs are written for these. What is the different approach I need to use? To help, here is the relevant section of my sshd_config: Match group sshusers ChrootDirectory %h X11Forwarding no AllowTcpForwarding no PasswordAuthentication yes ForceCommand internal-sftp