LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Who still uses FTP, for anything?

Who still uses FTP, for anything?

Posted Jul 8, 2011 11:47 UTC (Fri) by union (subscriber, #36393)
In reply to: Who still uses FTP, for anything? by Jonno
Parent article: Vsftpd backdoor discovered in source code (The H)

I always use sftp where I can.

But ...

I find one of the major shortcoming of OpenSSH sftp implementation is lack of logging.

I believe OpenSSH devs say that since you can login via ssh and copy paste data it would not guarantee completes and provide false sense of security.

But I would like an option for running sftp only with nice logs, but as far as I can tell there really isn't any widely deployed sftp only server for linux.

(Log in to post comments)

Who still uses FTP, for anything?

Posted Jul 8, 2011 17:06 UTC (Fri) by erwin@andreasen.org (guest, #51369) [Link]

How nice logs do you need? On the OpenSSH 4.3p2 as deployed in RHEL 5 you can enable logging by setting:

Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f AUTHPRIV

in your sshd_config. That will be fairly verbose (logging e.g. what directories are opened to find a file list) but will also log file transfers.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds