> -----Original Message-----
> From: listbounce@xxxxxxxxxxxxxxxxx
> [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Greg Wooledge
> Sent: Friday, September 04, 2009 12:13 PM
> To: secureshell@xxxxxxxxxxxxxxxxx
> Subject: Re: logging file names with sftp
>
> On Thu, Sep 03, 2009 at 11:26:57AM -0500, Derek Martin wrote:
> > The logging of individual file transfers arguably buys you very little
> > though, because the users are legitimate users who are authenticated.
> > This is generally quite a different situation from FTP installations,
> > where often the users are anonymous
>
> If I understand correctly, many people run an sftp service which is
> essentially an encrypted, NAT-capable version of anonymous FTP. They
> offer files (or file hosting space) to a large group of barely-trusted
> people, and want to limit or track abuse of the service.
>
> The encryption may be used to prevent spying upon the traffic by
> people outside the group.
>
> The ability of sftp to sit behind a NAT firewall (which FTP cannot do --
> not with a straight NAT without special hacks) may be essential to
> many sites.

When one of our technicians or engineers accesses one of our embedded systems in the field, we have no reasonable expectation of privacy. All sensitive data on the system belongs to someone else. We need to be trusted, but also accountable. We have gone to great lengths to make it impractical for even an authorized user to steal others' information. Having logs that we cannot tamper with is one more layer of security, mostly to help track who compromised the system if they do find a way around the other layers. It is also an industry requirement, and our products are audited by independent firms to verify that we do in fact log accesses.

I have not yet enabled SFTP, but most likely will in the future, with logging of all file accesses turned on.
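As an added illustration of the per-file logging discussed in this thread (not code from any of the posters): OpenSSH's sftp-server logs each file open and close to syslog when started with `-l INFO`, e.g. `Subsystem sftp internal-sftp -l INFO -f AUTH` in sshd_config. Once those lines are shipped to a remote syslog host the user on the box can no longer quietly edit them, which is the tamper-resistance the previous poster is after. The script below turns such lines into per-user access records. The sample log is constructed here to match the message formats sftp-server emits (session opened/closed, open, close); the hostnames, user, addresses and paths are made up, and the `audit_sftp_log` function is this example's own, not part of OpenSSH.

```python
import re

# Constructed sample of sftp-server syslog output at "-l INFO". Each sftp-server
# process (pid) serves exactly one session, so the pid ties file operations to
# the user named in the "session opened" line. The last line has no matching
# session line (e.g. it arrived from a log stream that started mid-session) and
# exercises the "unknown user" edge case.
SAMPLE_LOG = """\
Sep  4 12:13:01 host sftp-server[1234]: session opened for local user alice from [10.0.0.5]
Sep  4 12:13:05 host sftp-server[1234]: open "/srv/data/report.pdf" flags READ mode 0666
Sep  4 12:13:05 host sftp-server[1234]: close "/srv/data/report.pdf" bytes read 10240 written 0
Sep  4 12:13:07 host sftp-server[1234]: open "/srv/data/notes.txt" flags WRITE,CREATE,TRUNCATE mode 0644
Sep  4 12:13:07 host sftp-server[1234]: close "/srv/data/notes.txt" bytes read 0 written 512
Sep  4 12:13:09 host sftp-server[1234]: session closed for local user alice from [10.0.0.5]
Sep  4 12:14:00 host sftp-server[1300]: open "/srv/data/orphan.bin" flags READ mode 0666
"""

PID_RE = re.compile(r'sftp-server\[(\d+)\]: (.*)$')
SESSION_RE = re.compile(r'session (opened|closed) for local user (\S+) from \[([^\]]+)\]')
OPEN_RE = re.compile(r'open "(.*)" flags (\S+) mode 0[0-7]+')
CLOSE_RE = re.compile(r'close "(.*)" bytes read (\d+) written (\d+)')


def audit_sftp_log(text):
    """Return one record per file opened: who, from where, which path, which
    flags, and (once the close line is seen) how many bytes moved."""
    sessions = {}    # pid -> (user, client address)
    records = []     # emitted in log order
    open_files = {}  # (pid, path) -> index into records, filled in on close
    for line in text.splitlines():
        m = PID_RE.search(line)
        if not m:
            continue  # not an sftp-server line
        pid, msg = m.group(1), m.group(2)

        s = SESSION_RE.match(msg)
        if s:
            if s.group(1) == 'opened':
                sessions[pid] = (s.group(2), s.group(3))
            else:
                sessions.pop(pid, None)
            continue

        o = OPEN_RE.match(msg)
        if o:
            # An open with no known session is still recorded; attributing it to
            # "unknown" is safer for an audit than dropping it.
            user, addr = sessions.get(pid, ('unknown', 'unknown'))
            rec = {'user': user, 'addr': addr, 'pid': pid, 'path': o.group(1),
                   'flags': o.group(2).split(','), 'read': None, 'written': None}
            open_files[(pid, rec['path'])] = len(records)
            records.append(rec)
            continue

        c = CLOSE_RE.match(msg)
        if c:
            idx = open_files.pop((pid, c.group(1)), None)
            if idx is not None:
                records[idx]['read'] = int(c.group(2))
                records[idx]['written'] = int(c.group(3))
    return records


if __name__ == '__main__':
    for r in audit_sftp_log(SAMPLE_LOG):
        mode = 'write' if 'WRITE' in r['flags'] else 'read'
        print(f"{r['user']}@{r['addr']} {mode} {r['path']} "
              f"(read {r['read']}, written {r['written']})")
```

The pid-based correlation is what makes the "open" lines useful: sftp-server does not repeat the user name on every file operation, so an auditor has to join them to the session line. Directory listings, renames and removals are logged at the same level and can be added with further patterns in the same style.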