comp.security.ssh SSH secure remote login and tunneling tools.

Sftp logs

12/12/2006, 09:40   #1
joel.winteregg@gmail.com

Dear SSH lovers,

I haven't been able to find an answer in the present list :-(. If
I'm just not good enough to find it, please drop me the link to it...
I'm looking for sftp-server logs
(mkdir, rmdir, etc...) !!

My sshd log config looks like this:
# Logging
SyslogFacility AUTH
LogLevel INFO

Looking to ssh source code version:
cat version.h
/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */
#define SSH_VERSION "OpenSSH_4.5"

I found out that using the default INFO log level, the "void
logit(const char *fmt,...)" function was used (log.c file). If I'm
right, all logit function calls should appear in my AUTH facility log
file which is (from syslog.conf):
auth,authpriv.* /var/log/auth.log

Using grep (grep -R logit * | sed -e
's/\(.*.c\):.*logit(\"\(.*\)\".*/\1\t\2/') to find logit function
calls in the source code, I found some interesting log info but I'm not
able to see them in my syslog (auth) file. Maybe those functions are
just not called by sftp-server !?

I wanted to be able to see the following lines (mkdir, rmdir, etc..)
which are the strings given to the logit function:
sftp-server.c opendir \"%s\"
sftp-server.c remove name \"%s\"
sftp-server.c mkdir name \"%s\" mode 0%o
sftp-server.c rmdir name \"%s\"

For example the "static void process_opendir(void)" function, which
seems to open a directory, provides a nice logit line (logit("opendir
\"%s\"", path)) but I'm not able to get it into syslog...
I did my testing with an older SSH version (OpenSSH_4.3p2 Debian-2,
OpenSSL 0.9.8b 04 May 2006).

Maybe someone has a tip for me ?

Thanks a lot for your ,

Regards,

Joël

12/12/2006, 11:41   #2
Darren Tucker

On 2006-12-12, joel.winteregg@gmail.com <joel.winteregg@gmail.com> wrote:
> I haven't been able to find an answer in the present list :-(. If
> I'm just not good enough to find it, please drop me the link to it...
> I'm looking for sftp-server logs
> (mkdir, rmdir, etc...) !!
>
> My sshd log config looks like this:
> # Logging
> SyslogFacility AUTH
> LogLevel INFO


You need to enable logging in sftp-server as it's not enabled by default.

Add the relevant options to the "Subsystem sftp" line in sshd_config
and restart sshd. The sftp-server man page has details on the options
(basically just "-f facility" and "-l loglevel").

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
12/12/2006, 13:50   #3
joel.winteregg@gmail.com

Hi Darren,

Thanks a lot for the info. My sftp-server man page didn't contain
option details... I found one with the needed information:
http://www.daemon-systems.org/man/sftp-server.8.html

Unfortunately I'm not able to give options to the "Subsystem" call in
my sshd_config file... I tried many kinds of escaping but it doesn't
work...

Subsystem sftp /usr/lib/openssh/sftp-server -f AUTH -l INFO
Subsystem sftp "/usr/lib/openssh/sftp-server -f AUTH -l INFO"
Subsystem "sftp /usr/lib/openssh/sftp-server -f AUTH -l INFO"
Subsystem sftp '/usr/lib/openssh/sftp-server -f AUTH -l INFO'
etc...

Here is sshd output:
/etc/ssh/sshd_config line 75: garbage at end of line; "-f".

Do you maybe have an idea ? My sshd version is:
OpenSSH_4.3p2 Debian-2, OpenSSL 0.9.8b 04 May 2006

Many thanks !

Joël

12/12/2006, 23:35   #4
Darren Tucker

On 2006-12-12, joel.winteregg@gmail.com <joel.winteregg@gmail.com> wrote:
> Thanks a lot for the info. My sftp-server man page didn't contain
> option details... I found one with the needed information:
> http://www.daemon-systems.org/man/sftp-server.8.html
>
> Unfortunately I'm not able to give options to the "Subsystem" call in
> my sshd_config file... I tried many kinds of escaping but it doesn't
> work...

[...]
> Do you maybe have an idea ? My sshd version is:
> OpenSSH_4.3p2 Debian-2, OpenSSL 0.9.8b 04 May 2006


sftp-server logging and the ability to pass command line options to
subsystems were both added in version 4.4 (which is also why your
man pages don't have it).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
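
Added example, not part of the original posts: a shell check combining the two points from the replies above, that the "Subsystem sftp" line needs "-f"/"-l" and that sshd only accepts them from OpenSSH 4.4 on. The function names, status strings and sample config are constructed for illustration; the version strings and binary path are the ones quoted in the thread.

```shell
#!/bin/sh
# Return 0 if an "OpenSSH_X.Y..." version string is >= 4.4, the release
# that (per the thread) added sftp-server logging and Subsystem arguments.
supports_sftp_logging() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2              # unparseable version string
    set -- $ver                            # $1 = major, $2 = minor
    [ "$1" -gt 4 ] || { [ "$1" -eq 4 ] && [ "$2" -ge 4 ]; }
}

# Print the state of the "Subsystem sftp" line in an sshd_config file:
#   missing | no-log-options | logging facility=<f> level=<l>
sftp_subsystem_status() {
    awk '
        tolower($1) == "subsystem" && $2 == "sftp" {
            found = 1; fac = ""; lvl = ""
            for (i = 4; i <= NF; i++) {    # $3 is the server binary
                if ($i == "-f") fac = $(i + 1)
                if ($i == "-l") lvl = $(i + 1)
            }
        }
        END {
            if (!found) print "missing"
            else if (fac == "" && lvl == "") print "no-log-options"
            else print "logging facility=" (fac == "" ? "default" : fac) \
                       " level=" (lvl == "" ? "default" : lvl)
        }' "$1"
}

# audit "<sshd version string>" <sshd_config path>
audit() {
    if supports_sftp_logging "$1"; then
        sftp_subsystem_status "$2"
    else
        echo "too-old-or-unknown"          # options would be rejected
    fi
}

demo() {
    cfg=$(mktemp)
    # Constructed sample config for the demonstration.
    printf '%s\n' '# Logging' 'SyslogFacility AUTH' 'LogLevel INFO' \
        'Subsystem sftp /usr/lib/openssh/sftp-server -f AUTH -l INFO' > "$cfg"
    audit "OpenSSH_4.3p2 Debian-2" "$cfg"
    audit "OpenSSH_4.5" "$cfg"
    rm -f "$cfg"
}
demo
```

On a live host the version string can be taken from "sshd -V" or "ssh -V" output, and "sshd -t" validates the edited config before the restart.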
13/12/2006, 08:26   #5
joel.winteregg@gmail.com

Hi,

Ok, thanks for the info !! I should have looked at the changelog
(http://www.openssh.com/txt/release-4.4) which says:
* Extend sshd_config(5) "SubSystem" declarations to allow the
specification of command-line arguments.


Many thanks for the tip !

Joël

All times are GMT +1.

