Logging SFTP access in Debian 9 Stretch

logging SFTP access in Debian 9 Stretch

To start logging SFTP access in Debian 9 Stretch all you need to to is to edit a config file and restart a service.

First make sure that the sshd service is currently running if you are not remotely accessing the machine to begin with by using the following command:

systemctl status sshd

edit /etc/ssh/sshd_config

Under “# override default of no subsystems” within the config file add the following line under it.

Subsystem       sftp    /usr/libexec/openssh/sftp-server -l INFO

Then restart the sshd service with the following command:

systemctl restart sshd

Next connect via SFTP and then check the log file and look for your traffic. The log file should be located at:

/var/log/auth.log
Posted in Uncategorized and tagged .

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.