
Is it possible to configure sshd in a way that the log level for specific users is increased to VERBOSE, while other users remain at LogLevel ERROR?

Background: Server system with many connections from other network elements sending loads of data via sftp. The challenge here is that human/administrative user access via ssh should be logged for security reasons, while the sftp connections from the network elements should not. All users should use the same port (22).

13dimitar
  • AFAIK the `Match User` conditional syntax in the [`sshd_config`](https://linux.die.net/man/5/sshd_config) does not allow you to specify a different LogLevel for specific users (or Groups, for that matter). Better might be to always log at Error level and then configure your syslog daemon to subsequently discard messages from the sftp subsystem. (Or use auditd to monitor the actions of specific users.) – HBruijn Feb 09 '18 at 14:02

1 Answer

Match User <theusername>
   LogLevel ***

That will give the user a different LogLevel from other users. See sshd_config(5).

Andrew Schulman
Jormodn
  • AFAIK `LogLevel` is not allowed in a Match block. – 13dimitar Feb 09 '18 at 20:44
  • From the man page: *"Only a subset of keywords may be used on the lines following a Match keyword. Available keywords are **`AllowAgentForwarding`, `AllowTcpForwarding`, `Banner`, `ChrootDirectory`, `ForceCommand`, `...`** "* and `LogLevel` is not included in that. – HBruijn Feb 12 '18 at 12:35
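
Two ways to get the effect the question asks for, as an added example that is not part of the question, the answer or the comments. Option A is the sshd-side Match block the answer sketches: the keyword list quoted in the comment above is from an older man page, and OpenSSH 7.6 added `LogLevel` to the keywords permitted after `Match`, so check sshd_config(5) on the build you actually run and confirm the result with `sshd -T -C user=...`. Option B is the syslog-side filtering HBruijn suggests, written as an rsyslog rule, with a `grep` that applies the same decision to a few constructed log lines so the pattern can be checked before it touches the real pipeline. The group names (`sshadmins`, `sftpnodes`), the `ne01`-style service-account names, the file paths and the log lines are all assumptions made up for this example.

```shell
#!/bin/sh
# Added example; not code from the question, the answer or the commenters.
# Assumed names: group "sshadmins" = human operators, group "sftpnodes" =
# network elements, whose service accounts are called ne01, ne02, ...
# The paths mentioned in the heredocs are assumptions as well.

# --- Option A: sshd-side, per-group LogLevel in Match blocks --------------
# Needs an sshd whose sshd_config(5) lists LogLevel under Match (OpenSSH 7.6
# and later). Match blocks must follow all global settings, so this fragment
# is appended to the END of /etc/ssh/sshd_config.
sshd_match_fragment() {
    cat <<'EOF'
# Global default: only errors (this covers the sftp traffic from the elements).
LogLevel ERROR

# Human/administrative access: verbose, so key fingerprints, session
# open/close and subsystem requests end up in the log.
Match Group sshadmins
    LogLevel VERBOSE

# Network elements: stay quiet and are restricted to sftp on the same port 22.
Match Group sftpnodes
    LogLevel ERROR
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}
# Syntax check before reloading:  sshd -t -f /etc/ssh/sshd_config
# Effective value for one user:   sshd -T -C user=ne01  | grep -i loglevel
#                                 sshd -T -C user=alice | grep -i loglevel

# --- Option B: syslog-side, drop the service-account noise in rsyslog ------
# For an sshd that cannot do A: keep sshd at LogLevel INFO/VERBOSE globally
# and discard lines about the ne<NN> accounts before they are written.
# The rule must be loaded before the rule that writes auth.log (e.g. an
# assumed /etc/rsyslog.d/10-sshd-ne.conf sorts before 50-default.conf).
rsyslog_fragment() {
    cat <<'EOF'
if $programname == "sshd" and re_match($msg, "for (user )?ne[0-9]+ ") then stop
EOF
}

# --- The same decision applied to constructed sample lines -----------------
# These five lines are made up for the example; they are not real logs.
SAMPLE_LOG='Feb  9 14:02:01 srv sshd[1001]: Accepted publickey for alice from 10.0.0.5 port 50222 ssh2: ED25519 SHA256:k1
Feb  9 14:02:02 srv sshd[1002]: Accepted publickey for ne01 from 10.0.1.7 port 41000 ssh2: RSA SHA256:k2
Feb  9 14:02:02 srv sshd[1002]: pam_unix(sshd:session): session opened for user ne01 by (uid=0)
Feb  9 14:02:04 srv sshd[1003]: Failed password for root from 203.0.113.9 port 5555 ssh2
Feb  9 14:02:05 srv sshd[1004]: Accepted publickey for ne17 from 10.0.1.23 port 41001 ssh2: RSA SHA256:k3'

# grep -E equivalent of the rsyslog rule: drop sshd lines that mention an
# ne<NN> account, pass everything else (admin logins, failed root attempts).
filter_sshd_log() {
    grep -Ev 'sshd\[[0-9]+\]: .*for (user )?ne[0-9]+ '
}

# Number of sample lines that would still reach the log file.
kept_count() {
    printf '%s\n' "$SAMPLE_LOG" | filter_sshd_log | grep -c ''
}

# Run stand-alone: print both fragments, then the surviving log lines
# (the alice login and the failed root attempt; the three ne* lines are gone).
sshd_match_fragment
echo
rsyslog_fragment
echo
printf '%s\n' "$SAMPLE_LOG" | filter_sshd_log
```

The pattern deliberately keys on the account name rather than on the sftp subsystem itself, because the "Accepted publickey" and PAM session lines that make up most of the volume do not say "sftp"; if the service accounts follow a different naming scheme, adjust the regular expression in both the rsyslog rule and the `grep` together so the two stay equivalent.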