How to enable SFTP Logging without chroot in CentOS/RHEL?

Secure File Transfer Protocol (SFTP) is a great tool for performing secure file transfers. This is a short note to explain how to enable sftp logging without chroot.

1. To enable logging of sftp-server in /var/log/messages, add command-line arguments to the Subsystem sftp line in /etc/ssh/sshd_config:

# vi /etc/ssh/sshd_config
Subsystem sftp /usr/libexec/openssh/sftp-server -l VERBOSE

Restart the sshd service for the changes to take effect.

# service sshd restart        # For CentOS/RHEL 6
# systemctl restart sshd      # For CentOS/RHEL 7

2. To write sftp logs to a separate file, pass a log facility to sftp-server with the -f option in /etc/ssh/sshd_config and configure rsyslog to redirect that facility's messages to the other file. Edit /etc/ssh/sshd_config and modify it as below:

# vi /etc/ssh/sshd_config
Subsystem sftp /usr/libexec/openssh/sftp-server -l VERBOSE -f LOCAL3

And then edit /etc/rsyslog.conf and add the below line:

# vi /etc/rsyslog.conf
local3.* /var/log/sftp.log

Restart the sshd and rsyslog services.

# service sshd restart        # For CentOS/RHEL 6
# systemctl restart sshd      # For CentOS/RHEL 7

 

# service rsyslog restart        # For CentOS/RHEL 6
# systemctl restart rsyslog      # For CentOS/RHEL 7
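
The two settings in step 2 only work together if the facility passed with -f has a matching rule in rsyslog. The following check is an added example, not part of the original article: the function names are hypothetical, and the defaults it assumes (facility AUTH, level ERROR) are those documented in sftp-server(8).

```shell
#!/bin/sh
# Added example: check that the sftp-server log facility set in sshd_config
# has a matching rule in rsyslog.conf. Function names are hypothetical.

# Print the value of option $2 (-f or -l) from the active "Subsystem sftp"
# line of file $1, lower-cased. Print default $3 if the option is absent.
# Exit status 1 if there is no active Subsystem sftp line.
sftp_opt() {
    awk -v opt="$2" -v dflt="$3" '
        tolower($1) == "subsystem" && $2 == "sftp" {
            found = 1; val = dflt
            for (i = 3; i < NF; i++) if ($i == opt) val = tolower($(i + 1))
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# Print the file that rsyslog.conf $1 writes facility $2 to. Only plain
# "facility.priority  /path" rules are recognised; exit status 1 if none.
rsyslog_target() {
    awk -v fac="$2" '
        $1 ~ /^#/ || NF < 2 { next }
        {
            n = split(tolower($1), sel, ";")
            for (i = 1; i <= n; i++)
                if (index(sel[i], fac ".") == 1 && sel[i] !~ /\.none$/) {
                    sub(/^-/, "", $2); print $2; hit = 1; exit
                }
        }
        END { if (!hit) exit 1 }
    ' "$1"
}

# $1 = sshd_config, $2 = rsyslog.conf. Defaults per sftp-server(8):
# facility AUTH, level ERROR.
check_sftp_logging() {
    _fac=$(sftp_opt "$1" -f auth) || { echo "no active Subsystem sftp line"; return 2; }
    _lvl=$(sftp_opt "$1" -l error)
    _dst=$(rsyslog_target "$2" "$_fac") || { echo "no rsyslog rule for $_fac"; return 1; }
    echo "$_fac/$_lvl -> $_dst"
}

# Run against real files when two paths are given on the command line.
if [ "$#" -eq 2 ]; then check_sftp_logging "$1" "$2"; fi
```

The check reads only the file it is given, so rules placed in drop-in files under /etc/rsyslog.d/ are not seen.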

 
