Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

"I never let my schooling get in the way of my education." -- Mark Twain

devel / comp.security.ssh / Re: Add user name to sftp logs?

SubjectAuthor
* Add user name to sftp logs?Nathan Zook
`* Add user name to sftp logs?Johnnie W Adams
 `- Add user name to sftp logs?Chris Townley

1
Add user name to sftp logs?

<efc46b29-7410-497d-a0c9-ad6ebb488ef1n@googlegroups.com>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=236&group=comp.security.ssh#236

  copy link   Newsgroups: comp.security.ssh
X-Received: by 2002:a05:6214:5656:b0:635:e39c:f4e5 with SMTP id mh22-20020a056214565600b00635e39cf4e5mr68982qvb.10.1689098374080;
Tue, 11 Jul 2023 10:59:34 -0700 (PDT)
X-Received: by 2002:a9d:7553:0:b0:6b7:45a8:a80c with SMTP id
b19-20020a9d7553000000b006b745a8a80cmr2323502otl.3.1689098373765; Tue, 11 Jul
2023 10:59:33 -0700 (PDT)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!newsfeed.hasname.com!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.security.ssh
Date: Tue, 11 Jul 2023 10:59:33 -0700 (PDT)
Injection-Info: google-groups.googlegroups.com; posting-host=75.147.182.25; posting-account=ei5xWAoAAABzWUPVWi-CJGp5bAbf3Kzf
NNTP-Posting-Host: 75.147.182.25
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <efc46b29-7410-497d-a0c9-ad6ebb488ef1n@googlegroups.com>
Subject: Add user name to sftp logs?
From: nzook@carrumhealth.com (Nathan Zook)
Injection-Date: Tue, 11 Jul 2023 17:59:34 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 1837
 by: Nathan Zook - Tue, 11 Jul 2023 17:59 UTC

I maintain an sftp server for a small company with a bunch of not-very-technical clients.

We've implemented chroot'ed sftp basically following the advise from https://www.the-art-of-web.com/system/sftp-logging-chroot/.

With scores of accounts, we've gone with a single chroot for all users, and rely on the file system permissions to keep them from seeing each others uploads. They share a group (which triggers the force command to sftp). When they connect, it is to their home directory under the chroot. If they immediately upload the file, (instead of cd'ing), the file name is logged with just the filename, which might not relate to the client name.

What I'm thinking about is something like SftpInternalLogPrefix that would accept some of the already-existing tokens.

Re: Add user name to sftp logs?

<8b79945f-e97b-4d47-a1c5-4e9096b0bc12n@googlegroups.com>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=237&group=comp.security.ssh#237

  copy link   Newsgroups: comp.security.ssh
X-Received: by 2002:a05:622a:188f:b0:403:adff:58a7 with SMTP id v15-20020a05622a188f00b00403adff58a7mr88504qtc.7.1689612164385;
Mon, 17 Jul 2023 09:42:44 -0700 (PDT)
X-Received: by 2002:a9d:7406:0:b0:6b7:4ec4:cbb1 with SMTP id
n6-20020a9d7406000000b006b74ec4cbb1mr10166961otk.7.1689612163860; Mon, 17 Jul
2023 09:42:43 -0700 (PDT)
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.security.ssh
Date: Mon, 17 Jul 2023 09:42:43 -0700 (PDT)
In-Reply-To: <efc46b29-7410-497d-a0c9-ad6ebb488ef1n@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=144.167.1.185; posting-account=90aO-goAAAB0l6EUY60JC_Uj2PfLWjQM
NNTP-Posting-Host: 144.167.1.185
References: <efc46b29-7410-497d-a0c9-ad6ebb488ef1n@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <8b79945f-e97b-4d47-a1c5-4e9096b0bc12n@googlegroups.com>
Subject: Re: Add user name to sftp logs?
From: jxadams@ualr.edu (Johnnie W Adams)
Injection-Date: Mon, 17 Jul 2023 16:42:44 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 2115
 by: Johnnie W Adams - Mon, 17 Jul 2023 16:42 UTC

How does one post to this Group?

On Tuesday, July 11, 2023 at 12:59:35 PM UTC-5, Nathan Zook wrote:
> I maintain an sftp server for a small company with a bunch of not-very-technical clients.
>
> We've implemented chroot'ed sftp basically following the advise from https://www.the-art-of-web.com/system/sftp-logging-chroot/.
>
> With scores of accounts, we've gone with a single chroot for all users, and rely on the file system permissions to keep them from seeing each others uploads. They share a group (which triggers the force command to sftp). When they connect, it is to their home directory under the chroot. If they immediately upload the file, (instead of cd'ing), the file name is logged with just the filename, which might not relate to the client name.
>
> What I'm thinking about is something like SftpInternalLogPrefix that would accept some of the already-existing tokens.

Re: Add user name to sftp logs?

<u946ri$14kmd$1@dont-email.me>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=238&group=comp.security.ssh#238

  copy link   Newsgroups: comp.security.ssh
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: news@cct-net.co.uk (Chris Townley)
Newsgroups: comp.security.ssh
Subject: Re: Add user name to sftp logs?
Date: Mon, 17 Jul 2023 21:04:02 +0100
Organization: A noiseless patient Spider
Lines: 17
Message-ID: <u946ri$14kmd$1@dont-email.me>
References: <efc46b29-7410-497d-a0c9-ad6ebb488ef1n@googlegroups.com>
<8b79945f-e97b-4d47-a1c5-4e9096b0bc12n@googlegroups.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 17 Jul 2023 20:04:02 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="1336ba27aa9b8150432054958ad2c0e4";
logging-data="1200845"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18h1a9iKANpieU23BlkzsA4VPnpAy55oLQ="
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
Thunderbird/102.13.0
Cancel-Lock: sha1:9qnxyPOGBs3QoBUvEyjGrrmnV+A=
In-Reply-To: <8b79945f-e97b-4d47-a1c5-4e9096b0bc12n@googlegroups.com>
Content-Language: en-GB
 by: Chris Townley - Mon, 17 Jul 2023 20:04 UTC

On 17/07/2023 17:42, Johnnie W Adams wrote:
> How does one post to this Group?
>
> On Tuesday, July 11, 2023 at 12:59:35 PM UTC-5, Nathan Zook wrote:
>> I maintain an sftp server for a small company with a bunch of not-very-technical clients.
>>
>> We've implemented chroot'ed sftp basically following the advise from https://www.the-art-of-web.com/system/sftp-logging-chroot/.
>>
>> With scores of accounts, we've gone with a single chroot for all users, and rely on the file system permissions to keep them from seeing each others uploads. They share a group (which triggers the force command to sftp). When they connect, it is to their home directory under the chroot. If they immediately upload the file, (instead of cd'ing), the file name is logged with just the filename, which might not relate to the client name.
>>
>> What I'm thinking about is something like SftpInternalLogPrefix that would accept some of the already-existing tokens.

You just have!

--
Chris

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor