Secure File Transfer Protocol (SFTP) is a great tool for performing secure file transfers. This is a short note to explain how to enable sftp logging without chroot.
1. To enable logging of sftp-server in /var/log/messages, add command-line arguments to the Subsystem sftp line in /etc/ssh/sshd_config
# vi /etc/ssh/sshd_config Subsystem sftp /usr/libexec/openssh/sftp-server -l VERBOSE
Restart the sshd service for the changes to take effect.
# service sshd restart # For CentOS/RHEL 6 # systemctl resart sshd # For CentOS/RHEL 7
2. For logging sftp logs into a different file, configure /etc/ssh/sshd_config using log_facility option and rsyslog to redirect messages into the other file. Edit /etc/ssh/sshd_config and modify as below:
# vi /etc/ssh/sshd_config Subsystem sftp /usr/libexec/openssh/sftp-server -l VERBOSE -f LOCAL3
and then edit /etc/rsyslog.conf and add the below line:
# vi /etc/rsyslog.conf local3.* /var/log/sftp.log
Restart sshd and rsyslog service.
# service sshd restart # For CentOS/RHEL 6 # systemctl restart sshd # For CentOS/RHEL 7
# service rsyslog restart # For CentOS/RHEL 6 # systemctl restart rsyslog # For CentOS/RHEL 7