> On 05/09/2016 06:10 PM, John wrote: > >> I'd like to have sshd write entries into the systemd journal logging > sftp transfers. From googling, it seems that one needs to edit > /etc/ssh/sshd_config adding this line: >> >> Subsystem sftp /usr/lib/ssh/sftp-server -f AUTH -l VERBOSE >> >> >> I can transfer files via filezilla (sftp) but I don't get anything in > `journalctl -u sshd` that shows these transfers, just a few lines showing I > connected. What am I doing wrong? I am using version 7.2p2 on Arch Linux. > Thanks in advance! > These logs are logged under different "user" than sshd. It should be > logged under "sftp-server" process name. It certainly works on > Fedora/RHEL, unless: > > * you are in chroot -- this requires a bit different approach > * your user is blocked from opening or writing to /dev/log or however > is syslog configured to accept logs > > Note, that using above settings logs under the user logging in and not > under root so you need appropriate access. Thank you for the reply. Indeed, I see entries for the entries in my journalctl output under 'sftp-server' if I transfer a file from a normal user on my system. I also setup a chroot-jail but as you mentioned, no logs are written for these. What is the different approach I need to use? To help, here is the relevant section of my sshd_config: Match group sshusers ChrootDirectory %h X11Forwarding no AllowTcpForwarding no PasswordAuthentication yes ForceCommand internal-sftp _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
