- David Nixon
December 16, 2004, 10:44 am
I was surprised to discover that, with 'sftp', logging only came as a
patch. This is a marked contrast to 'sftp2'; with its "SftpSyslogFacility"
Was the absence of transfer logs conceived as a privacy mechanism, or
was it simply an oversight?
DaveN -- University of Liverpool Computer Science
Re: Not to log file xfers
Bear in mind that SFTP is only one of many ways to achieve file
transfer over SSH. If my server's SFTP client did logging and I
happened to want to perform an unlogged file transfer, I could just
do things like this:
    ssh remotehost 'cat > uploaded' < file-to-upload
    ssh remotehost 'cat file-to-download' > downloaded
    tar czvf - directory-to-upload | ssh remotehost 'tar xzf -'
    ssh remotehost 'tar czf - directory-to-download' | tar xzvf -
and since I never invoked the SFTP binary, it would never do its
I would _guess_ (although this is just a guess) that someone decided
there was no point in making an SFTP server log in most situations,
since there was no way to ensure the log was complete or reliable.
It's probably something I'd have reasoned in the same situation:
free software authors are generally reluctant to spend time and
effort on creating restrictions and `security' measures which are
very easy to bypass. The feeling is that you should either make them
difficult or (preferably) impossible to bypass, or not bother with
them at all.
Of course, if you have a specialist setup - such as an account which
can _only_ be used for SFTP, so that mechanisms like the above are
not possible - then a logging SFTP server might become worth having.
Which might easily be why it's available as a patch.
Simon Tatham "Selfless? I'm so selfless I
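
Added example, not part of either post: a small audit of an sshd_config that reports, per Match block, whether accounts are confined to SFTP (so the SFTP server's log cannot be sidestepped with the shell commands shown in the reply) and whether transfer logging is switched on. It assumes an OpenSSH server using `internal-sftp`; the sample configuration, group names and path are constructed for illustration.

```python
import shlex

# Constructed sample sshd_config (not from the thread); group names are hypothetical.
SAMPLE_CONFIG = """\
Subsystem sftp internal-sftp -l INFO

Match Group sftponly
    ForceCommand internal-sftp -l INFO
    ChrootDirectory /srv/sftp/%u
    AllowTcpForwarding no

Match Group staff
    X11Forwarding no
"""

def parse_blocks(text):
    """Return {block: {keyword: value}}; 'global' holds lines before any Match."""
    blocks, current = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            current = value
            blocks.setdefault(current, {})
        else:
            blocks[current].setdefault(keyword, value)  # sshd keeps the first value
    return blocks

def sftp_log_status(settings):
    """Say whether users covered by these settings can avoid the SFTP log."""
    forced = shlex.split(settings.get("forcecommand", ""))
    if not forced or forced[0] != "internal-sftp":
        return "bypassable"  # 'ssh host cat > file' never starts the SFTP server
    # sftp-server(8): default level is ERROR; transfers are logged from INFO up.
    level = forced[forced.index("-l") + 1].upper() if "-l" in forced[:-1] else "ERROR"
    if level in ("QUIET", "FATAL", "ERROR"):
        return "sftp-only, no transfer log"
    return "sftp-only, transfer log on"

def audit(text):
    blocks = parse_blocks(text)
    # A Match block inherits global settings it does not override.
    return {name: sftp_log_status({**blocks["global"], **s}) for name, s in blocks.items()}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {status}")
```

Only the "sftp-only, transfer log on" blocks produce a transfer log that can be treated as complete; a "bypassable" block still permits shell commands and so leaves gaps no SFTP-side logging can close.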