View Full Version : openssh listing connected sftp clients


phiphedog
July 19th, 2007, 07:41 AM
I have installed OpenSSH and have set up an SFTP server with hostkey authentication, and I want to be able to see who is connected and what files they have requested or uploaded.

In /etc/ssh/sshd_conf I have put the following entries:

# Logging
SyslogFacility AUTH
LogLevel DEBUG

and in the /etc/syslog.conf file I have put the following line

auth.debug /var/log/ssh.log

In the ssh.log file I can see who requests a connection and if they are successful or not, but I am unable to see who is still connected, what they have requested and what they have uploaded.

Is there even a system command that will tell me who is connected on what port?

Mr. C.
July 20th, 2007, 03:08 AM
Modify your sftp Subsystem line in sshd_config:

Subsystem sftp /usr/local/libexec/sftp-server -l DEBUG3

and restart the ssh server. This will increase the log level for sftp-server, which will prefix lines with the debug level names, where DEBUG3 is the highest debug level. Man sftp-server for more details of log levels.

MrC

phiphedog
July 21st, 2007, 03:28 AM
I have the following line in my /etc/ssh/sshd_config

Subsystem sftp /usr/lib/openssh/sftp-server -l DEBUG3

but when I try to restart the ssh daemon it gives the following error:

bob@bob-desktoppc:~$ sudo /etc/init.d/ssh restart
Password:
* Restarting OpenBSD Secure Shell server... /etc/ssh/sshd_config line 75: garbage at end of line; "-l".

I had a look in my man for sftp-server and it says nothing about the working of the program. In the man page for sftp it says to use the -v option to raise the logging level, but I think this is just for command line use, because when I add it to my sshd_config file as you suggested I do with the -l DEBUG 3 it gives the same error.

Any suggestions?

Mr. C.
July 21st, 2007, 02:28 PM
Sorry, the -l log level option is available on newer versions of OpenSSH. It was added in July of 2006, and the Debian/Ubuntu version is older (v 4.3p2). I build my own software, so have a newer version (4.6p1).

I'm not sure what is required, or if it is possible, to get the data you want with the Ubuntu/Debian version.

You could build from source.

MrC
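Added example, not part of the thread or of OpenSSH: once sftp-server logging is enabled with the -l option discussed above, a script like this can answer the original question by pairing session and file messages per sftp-server process ID. The sample log lines are constructed, and the message wording ("session opened for local user", "close ... bytes read ... written") is an assumption about sftp-server's log output that should be checked against your own log file.

```python
import re

# Constructed sample of syslog lines (not from the thread); the message
# wording is assumed to match sftp-server's INFO-level logging.
SAMPLE_LOG = """\
Jul 21 14:30:01 host sftp-server[4121]: session opened for local user bob from [192.0.2.10]
Jul 21 14:30:05 host sftp-server[4121]: open "/home/bob/report.pdf" flags READ mode 0666
Jul 21 14:30:06 host sftp-server[4121]: close "/home/bob/report.pdf" bytes read 52110 written 0
Jul 21 14:31:10 host sftp-server[4188]: session opened for local user alice from [198.51.100.7]
Jul 21 14:31:15 host sftp-server[4188]: open "/srv/in/data.csv" flags WRITE,CREATE,TRUNCATE mode 0644
Jul 21 14:31:19 host sftp-server[4188]: close "/srv/in/data.csv" bytes read 0 written 9000
Jul 21 14:32:00 host sftp-server[4188]: session closed for local user alice from [198.51.100.7]
"""

LINE = re.compile(r"sftp-server\[(?P<pid>\d+)\]: (?P<msg>.*)$")
OPENED = re.compile(r"session opened for local user (\S+) from \[([^\]]+)\]")
CLOSED = re.compile(r"session closed for local user ")
XFER = re.compile(r'close "(.*)" bytes read (\d+) written (\d+)')

def summarize(log_text):
    """Return (active, finished): dicts keyed by sftp-server pid."""
    active, finished = {}, {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an sftp-server line
        pid, msg = int(m.group("pid")), m.group("msg")
        if (o := OPENED.match(msg)):
            active[pid] = {"user": o.group(1), "addr": o.group(2),
                           "downloads": [], "uploads": []}
        elif pid not in active:
            continue  # session opened before this log started
        elif (x := XFER.match(msg)):
            path, rd, wr = x.group(1), int(x.group(2)), int(x.group(3))
            if rd:
                active[pid]["downloads"].append((path, rd))
            if wr:
                active[pid]["uploads"].append((path, wr))
        elif CLOSED.match(msg):
            finished[pid] = active.pop(pid)
    return active, finished

if __name__ == "__main__":
    active, finished = summarize(SAMPLE_LOG)
    for pid, s in active.items():
        print("still connected:", pid, s["user"], s["addr"], s["downloads"], s["uploads"])
    for pid, s in finished.items():
        print("disconnected:", pid, s["user"], s["addr"], s["downloads"], s["uploads"])
```

A session whose process died without writing a "session closed" line stays in the active set, so confirm against the running process list before treating an entry as a live connection.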