Aw: Re: Re: Howto log multiple sftpd instances with their chroot shared via NFS

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Thanks Jochen,

> > sshd[27049]: Accepted publickey for [REDACTED] from [REDACTED] port 54343 ssh2: RSA SHA256:[REDACTED]
> > sshd[27049]: pam_unix(sshd:session): session opened for user [REDACTED] by (uid=0)
> > sshd[27049]: session opened for local user [REDACTED] from [REDACTED] [postauth]
> > sshd[27049]: sent status No such file [postauth]
> > sshd[27049]: sent status No such file [postauth]
> > sshd[27049]: open "[REDACTED]" flags WRITE,CREATE,TRUNCATE mode 0666 [postauth]
> > sshd[27049]: close "[REDACTED]" bytes read 0 written 5870358 [postauth]
> > sshd[27049]: session closed for local user [REDACTED] from [REDACTED] [postauth]
> > sshd[27049]: pam_unix(sshd:session): session closed for user [REDACTED]

Have all sftp log messages from today the prefix sshd[27049]? No other PIDs logged? I guess PID 27049 is the PID of the main sftpd(sshs) process?

> > SyslogFacility AUTHPRIV
> > UsePAM yes	# That's why there's messages from PAM in the log above
> > UsePrivilegeSeparation sandbox
> > Subsystem	sftp	internal-sftp
> > Match group mandanten
> >         PermitTTY no
> >         ForceCommand internal-sftp -l INFO -u 0077
>

Sorry for this question, but just to be sure because you neither posted this here nor in your other post
https://lists.mindrot.org/pipermail/openssh-unix-dev/2021-September/039673.html
where you post the output of "egrep '^[^#]*( mand|sftp)' /etc/ssh/sshd_config"

You have "ChrootDirectory" set in sshd_config, right?

E.g. I have set
ChrootDirectory %h


> If a .../dev/log is created within the .../dev/ directory *on the NFS
> share*, and never removed, that means that all the .../dev/log's there
> are were created *ONCE* by whichever syslogd got restarted *first* after
> the user was created, correct? But still only the syslogd restarted
> *last*, no matter whether on the same server or the other, gets that
> user's log messages?

That's correct

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux