[nSLUG] Re: scp logging

Paul B wes902 at gmail.com
Tue Dec 13 22:21:25 AST 2005


The sshd daemon currently has no logging abilities for the exact
request of the opening post.

 Digging around the man pages for sshd_config
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config the various
settings for log_level are:

             Gives the verbosity level that is used when logging messages from
             sshd.  The possible values are: QUIET, FATAL, ERROR, INFO,
             VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.  The default is INFO.
             DEBUG and DEBUG1 are equivalent.  DEBUG2 and DEBUG3 each specify
             higher levels of debugging output.  Logging with a DEBUG level
             violates the privacy of users and is not recommended.

VERBOSE flag renders such information as:
Dec 13 21:57:33 navi sshd[16141]: subsystem request for sftp

DEBUG and higher settings will give you more information:
Dec 12 15:40:27 navi sshd[12070]: debug1: session_input_channel_req: session 0 req exec
Dec 12 15:40:27 navi sshd[12070]: debug2: fd 8 setting O_NONBLOCK
Dec 12 15:40:27 navi sshd[12070]: debug2: fd 8 is O_NONBLOCK
Dec 12 15:40:27 navi sshd[12070]: debug2: fd 10 setting O_NONBLOCK
Dec 12 15:40:28 navi sshd[12070]: debug2: channel 0: rcvd adjust 65577
Dec 12 15:40:28 navi sshd[12070]: debug2: channel 0: rcvd adjust 81920
Dec 12 15:40:29 navi sshd[12070]: debug2: channel 0: rcvd adjust 73728
Dec 12 15:40:30 navi sshd[12070]: debug2: channel 0: rcvd adjust 81920
Dec 12 15:40:30 navi sshd[12070]: debug2: channel 0: rcvd adjust 81920


  If you want to look at the CVS on current head you can see there is
no logging of "files transferred" etc.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd.c?only_with_tag=HEAD

  In order to provide the exact details of files transferred via
scp/sftp you will have to patch your sshd with a patch like the one at
http://www.sweb.cz/v_t_m/ There are currently patches there for the
latest portable OpenSSH.

  If you are worried about people copying out data by sftp/scp please take
note there are a lot of ways around the logging.

On 12/13/05, Rich <budman85 at eastlink.ca> wrote:
> Here is what I found, scp is controlled by sshd, so you need to make
> sure the syslog options are enabled:
>
> look for the sshd_config on your system
>         /etc or /etc/ssh
>
> Look for the SyslogFacility and LogLevel  options
> see what their values are, these will be used in syslog.conf
> uncomment them if they are commented out, then restart sshd
>
>
> Secure Shell logs debug and error messages using syslog. Logging is
> controlled by two configuration keywords: SyslogFacility and LogLevel.
> Use the appropriate syslog log levels (QUIET, FATAL, ERROR, INFO,
> VERBOSE, DEBUG) to gather more information about error scenarios. As
> defined by sshd_config, the default for syslogFacility is set to AUTH
> and LogLevel is set to INFO as in the following:
>
> #SyslogFacility AUTH
> #LogLevel INFO
>
>
> Now check the syslog.conf file
>
> Check if you are logging
> auth.info        -/var/log/secure.info
>
>
> Then recycle syslogd - kill -HUP syslogd
>
> Hope this helps
>
>
>
> On Tue, 2005-12-13 at 16:02 -0400, John Cordes wrote:
> >  Bob,
> >
> >  No, I never did receive any useful replies to my postings re
> > scp logging on May 23/05
> > (http://nslug.ns.ca/pipermail/nslug/2005-May/008328.html
> > and
> > http://nslug.ns.ca/pipermail/nslug/2005-May/008335.html)
> >
> >  I wrote then, amongst other things: "What linux programs
> > would allow for this kind of scp connection?"
> >
> >  except for this from my son Peter:
> >
> >  "sftp.  Or he could have used scp cordes.ca:dirname/* .,
> > since scp can expand wildcards on the remote machine.  But I'd
> > assume he used sftp, or a graphical frontend for it.  Maybe
> > rsync can work without showing as a login session."
> >
> >  And that's all I know, I'm afraid.
> >
> >  John
> >
> > On 12/9/05, Bob McLaren <BobMcLaren at fssi-ca.com> wrote:
> > >  Hi John, I read your May 23rd posting and I am completely
> > >  baffled that nobody seems to care that scp does not support
> > >  logging.  Did you ever find a way to implement it?  Any
> > >  feedback or pointers would be most appreciated.
> >
> >
> >
> > _______________________________________________
> > nSLUG mailing list
> > nSLUG at nslug.ns.ca
> > http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug
> >
> >
> --
> Rich <budman85 at eastlink.ca>
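
Added example, not part of the original thread and not OpenSSH code: a Python pass over the syslog lines quoted in the message above that groups them by sshd PID, marks sftp subsystem and exec requests, and sums the `rcvd adjust` values seen at DEBUG2. The name `summarize`, the constructed sample log and the reading of window adjusts as approximate server-to-client volume are assumptions made here; an exec request covers any remote command, not only scp, and no file names are available from these lines.

```python
import re

# Constructed sample: the sshd lines quoted in the post above.
SAMPLE_LOG = """\
Dec 13 21:57:33 navi sshd[16141]: subsystem request for sftp
Dec 12 15:40:27 navi sshd[12070]: debug1: session_input_channel_req: session 0 req exec
Dec 12 15:40:27 navi sshd[12070]: debug2: fd 8 setting O_NONBLOCK
Dec 12 15:40:28 navi sshd[12070]: debug2: channel 0: rcvd adjust 65577
Dec 12 15:40:28 navi sshd[12070]: debug2: channel 0: rcvd adjust 81920
Dec 12 15:40:29 navi sshd[12070]: debug2: channel 0: rcvd adjust 73728
Dec 12 15:40:30 navi sshd[12070]: debug2: channel 0: rcvd adjust 81920
Dec 12 15:40:30 navi sshd[12070]: debug2: channel 0: rcvd adjust 81920
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) sshd\[(\d+)\]: (.*)$")
SFTP = re.compile(r"subsystem request for sftp")
EXEC = re.compile(r"session_input_channel_req: session \d+ req exec")
ADJUST = re.compile(r"channel \d+: rcvd adjust (\d+)")


def summarize(lines):
    """Return {pid: {"first_seen", "host", "kinds", "adjust_bytes"}} for sshd
    processes that logged a transfer-related message."""
    sessions = {}
    for line in lines:
        m = LINE.match(line.rstrip("\n"))
        if not m:
            continue  # not an sshd syslog line
        ts, host, pid, msg = m.groups()
        adjust = ADJUST.search(msg)
        kind = "sftp" if SFTP.search(msg) else "exec" if EXEC.search(msg) else None
        if kind is None and adjust is None:
            continue  # unrelated sshd message (e.g. fd flags)
        s = sessions.setdefault(int(pid), {"first_seen": ts, "host": host,
                                           "kinds": set(), "adjust_bytes": 0})
        if kind:
            s["kinds"].add(kind)
        if adjust:
            # Window adjusts come from the client as it consumes data, so
            # their sum approximates bytes sent server -> client (assumption:
            # the initial window is not counted).
            s["adjust_bytes"] += int(adjust.group(1))
    return sessions


if __name__ == "__main__":
    for pid, s in summarize(SAMPLE_LOG.splitlines()).items():
        print(pid, s["first_seen"], sorted(s["kinds"]), s["adjust_bytes"])
```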
