Damien,

Thanks for the pointer. I believe the environment is now set up correctly, but I cannot get DEBUG3 messages to appear from internal-sftp in authlog.

I set up the log device file /ftp_jail/dev/log...

[EMAIL PROTECTED]: ls -la /ftp_jail/dev/log
srw-rw-rw- 1 root ftp 0 Mar 13 14:31 /ftp_jail/dev/log

...and syslogd points to /ftp_jail/dev/log

syslogd -a /ftp_jail/dev/log -a /var/empty/dev/log

When I sftp from 192.168.2.2 to the sftp server test0 I now get a line I did not see before, "subsystem request for sftp". As far as I can tell the log device is working correctly.

This is the log of a sftp connection. As a test I switched directory, downloaded a test file and then disconnected. As you can see there is no mention in the logs.

Mar 13 16:23:12 test0 sshd[24079]: Server listening on 0.0.0.0 port 22.
Mar 13 16:23:25 test0 sshd[26118]: Connection from 192.168.2.2 port 48518
Mar 13 16:23:26 test0 sshd[26118]: Failed none for ftp from 192.168.2.2 port 48518 ssh2
Mar 13 16:23:26 test0 sshd[26118]: Failed publickey for ftp from 192.168.2.2 port 48518 ssh2
Mar 13 16:23:28 test0 sshd[26118]: Accepted password for ftp from 192.168.2.2 port 48518 ssh2
Mar 13 16:23:28 test0 sshd[10427]: Changed root directory to "/ftp_jail"
Mar 13 16:23:28 test0 sshd[10427]: subsystem request for sftp
Mar 13 16:23:44 test0 sshd[10427]: Connection closed by 192.168.2.2
Mar 13 16:23:44 test0 sshd[10427]: Closing connection to 192.168.2.2

This is my /etc/ssh/sshd_config if you can see anything wrong with it. I tried adding "ForceCommand internal-sftp -l DEBUG3" but this caused sshd to error.

I appreciate the assistance.

#### http://calomel.org/sftp_chroot.html
## /etc/ssh/sshd_config
AllowTcpForwarding no
ClientAliveCountMax 3
ClientAliveInterval 0
Compression delayed
LoginGraceTime 60s
LogLevel DEBUG3
MaxAuthTries 6
PasswordAuthentication yes
PermitEmptyPasswords no
PermitRootLogin no
PermitTunnel no
PermitUserEnvironment no
Port 22
Protocol 2
StrictModes yes
SyslogFacility AUTH
TCPKeepAlive yes
UseDNS no
UsePrivilegeSeparation yes
X11Forwarding no

## sftp directives
Subsystem sftp internal-sftp -f AUTH -l DEBUG3
Match User ftp
    ForceCommand internal-sftp
    ChrootDirectory /ftp_jail
#### http://calomel.org/sftp_chroot.html

--
Calomel @ http://calomel.org
Open Source Research and Reference

On Thu, Mar 13, 2008 at 12:32:04PM +1100, Damien Miller wrote:
>On Wed, 12 Mar 2008, Calomel wrote:
>
>> Is it possible to enable DEBUG logging for internal-sftp in sshd?
>>
>> Using -current (Mar 12, 2008) and enabling a chroot'd sftp server we can
>> get sshd to log initial connections. But, we would also like to log sftp
>> activity like uploads, downloads, and directory changes similar to what
>> vsftpd does.
>>
>> The older sftp-server man page had a log facility (-f) and log level (-l)
>> options, but those arguments might not have been carried over to
>> internal-sftp.
>>
>> Perhaps the chroot environment keeps us from logging internal-sftp?
>
>Yes. You should be able to have syslogd(8) listen on /dev/log inside the
>chroot to make messages from the internal sftp-server visible.
>
>-d
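
Added example, not part of the original message and not OpenSSH code: a small Python check that scans an auth log like the one above and reports sftp sessions that left no sftp-server lines between "subsystem request for sftp" and "Closing connection", which is the symptom described in the message. The syslog tags internal-sftp and sftp-server, the second session in the sample, and matching by log order rather than by pid are assumptions.

```python
import re

# Constructed sample. The first session repeats lines from the message above;
# the second session and its internal-sftp line (tag, pid, text) are assumed.
SAMPLE = """\
Mar 13 16:23:28 test0 sshd[10427]: Changed root directory to "/ftp_jail"
Mar 13 16:23:28 test0 sshd[10427]: subsystem request for sftp
Mar 13 16:23:44 test0 sshd[10427]: Connection closed by 192.168.2.2
Mar 13 16:23:44 test0 sshd[10427]: Closing connection to 192.168.2.2
Mar 13 16:30:01 test0 sshd[20001]: Changed root directory to "/ftp_jail"
Mar 13 16:30:01 test0 sshd[20001]: subsystem request for sftp
Mar 13 16:30:05 test0 internal-sftp[20002]: open "/test" flags READ mode 0666
Mar 13 16:30:09 test0 sshd[20001]: Closing connection to 192.168.2.2
"""

# timestamp, host, program tag, pid, message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w.-]+)\[(\d+)\]: (.*)$")
SFTP_TAGS = {"internal-sftp", "sftp-server"}  # assumed syslog program tags


def blind_sftp_sessions(log_text):
    """Return (sshd pid, start, end) for sftp sessions with no sftp log lines.

    Lines are matched to sessions by log order, so overlapping sessions can
    hide a blind one; sessions still open at end of input are not reported.
    """
    open_sessions = {}  # sshd pid -> [start timestamp, sftp lines seen]
    blind = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, _host, tag, pid, msg = m.groups()
        if tag in SFTP_TAGS:
            for session in open_sessions.values():
                session[1] += 1
        elif tag == "sshd" and msg == "subsystem request for sftp":
            open_sessions[pid] = [ts, 0]
        elif tag == "sshd" and msg.startswith("Closing connection") and pid in open_sessions:
            start, seen = open_sessions.pop(pid)
            if seen == 0:
                blind.append((pid, start, ts))
    return blind


if __name__ == "__main__":
    for pid, start, end in blind_sftp_sessions(SAMPLE):
        print(f"sshd[{pid}] {start} -> {end}: no sftp activity logged")
```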