I’m missing something simple, I think, with SFTP logging.
Subsystem sftp internal-sftp -f AUTH -l INFO
also, I’ve got
Match Group customers # ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no
so note this isn’t a chroot problem. What I see in the logs are
May 9 15:48:32 oc8703477275 sshd[22927]: pam_unix(sshd:session): session opened for user customer by (uid=0) May 9 15:48:42 oc8703477275 sshd[22927]: pam_unix(sshd:session): session closed for user customer
I ran sshd -ddd and rsyslog -dn so I could see the chatter. After the login, both sshd and rsyslog are quiet while I change directories, move files around, etc — and obviously none of that is being logged.
Where should I look?
update Martin provided the bingo. It looks like the ForceCommand overrides the settings on subsystem. Adding the -l INFO there fixed it.
Answer
Attribution
Source : Link , Question Author : Woody Weaver , Answer Author : Community