@lgauthier1
Forked from troyfontaine/readme.md
Last active August 23, 2021 16:25
Logging SFTP interactions on a Chrooted User in Ubuntu 14.04

How to setup SFTP Logging on Ubuntu 14.04 for a Chrooted User

Prerequisites: Using internal-sftp for sftp; rsyslog for logging

Step 1. Set up your chrooted directories

sudo mkdir /sftp/myshare
sudo mkdir /sftp/myothershare

Step 2. Create your groups for your chrooted users

sudo groupadd mysharetransfergroup && sudo groupadd myothersharetransfergroup

Step 3. Set up your sshd_config normally

Subsystem sftp internal-sftp
Match group mysharetransfergroup
    ChrootDirectory /sftp/myshare/
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp -f LOCAL7 -l INFO

Match group myothersharetransfergroup
    ChrootDirectory /sftp/myothershare/
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp -f LOCAL7 -l INFO

Step 4. Modify the subsystem sftp line as follows: Subsystem sftp internal-sftp -f LOCAL7 -l INFO
Step 5. In your Match group section for the chroot, append -f LOCAL7 -l INFO to the ForceCommand line for each group applicable
Step 6. In the chrooted directory for your sftp users, create a dev directory, make its ownership match the chroot directory, and run chmod 755 on it (this is important: rsyslog creates the log socket inside it, and the chrooted sftp process must be able to traverse the directory to reach that socket)
Step 7. Configure rsyslog to create the log for you by creating /etc/rsyslog.d/60-sftp.conf with the following contents matching your environment:

# Create socket within chrooted directories to allow for logging
$AddUnixListenSocket /sftp/myshare/dev/log
$AddUnixListenSocket /sftp/myothershare/dev/log

# Parse the data logged at level INFO and facility LOCAL7 into /var/log/sftp.log
LOCAL7.info /var/log/sftp.log

# Report logins and logoffs
:syslogtag,startswith,"sftp-server" /var/log/sftp.log

Step 8. Restart sshd and rsyslog:

sudo service ssh restart && sudo service rsyslog restart

Step 9. Create your chrooted users

Step 10. Update your /etc/logrotate.d/rsyslog by adding these lines:

/var/log/sftp.log
{
        rotate 4
        weekly
        missingok
        notifempty
        compress
        delaycompress
        sharedscripts
        postrotate
                invoke-rc.d rsyslog rotate > /dev/null
        endscript
}

How to view logs

sudo less /var/log/sftp.log
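Reading the raw file works, but for review it helps to condense it into per-user activity. The script below is an added example, not part of the original gist: it correlates lines through the process id in the syslog tag (assumed to look like internal-sftp[PID]: or sftp-server[PID]:) and counts sessions, writes, reads and removals per user. The log lines it parses are constructed samples in the message format sftp-server uses for session open/close, open, close and remove.

```shell
#!/bin/sh
# Summarise /var/log/sftp.log into per-user session and transfer counts.
# Added example; sample lines below are constructed, not real log output.

# Writes a constructed sample of what LOCAL7.info delivers to the log file.
make_sample_log() {
  cat > "$1" <<'EOF'
Aug 23 10:00:01 host internal-sftp[2001]: session opened for local user alice from [192.0.2.10]
Aug 23 10:00:05 host internal-sftp[2001]: open "/upload/report.csv" flags WRITE,CREATE,TRUNCATE mode 0644
Aug 23 10:00:06 host internal-sftp[2001]: close "/upload/report.csv" bytes read 0 written 4096
Aug 23 10:00:09 host internal-sftp[2001]: session closed for local user alice from [192.0.2.10]
Aug 23 10:05:00 host internal-sftp[2007]: session opened for local user bob from [198.51.100.7]
Aug 23 10:05:02 host internal-sftp[2007]: open "/upload/report.csv" flags READ mode 0666
Aug 23 10:05:03 host internal-sftp[2007]: close "/upload/report.csv" bytes read 4096 written 0
Aug 23 10:05:04 host internal-sftp[2007]: remove name "/upload/report.csv"
Aug 23 10:05:10 host internal-sftp[2007]: session closed for local user bob from [198.51.100.7]
EOF
}

# Per-user report: sessions, files opened for writing, files opened for
# reading, and removals. Each line is tied to a user via the pid in field 5
# (the syslog tag), which the "session opened" line maps to a user name.
sftp_activity_report() {
  awk '
    # Tag looks like "internal-sftp[2001]:"; pull out the pid between [ ]
    match($5, /\[[0-9]+\]:$/) {
      pid = substr($5, RSTART + 1, RLENGTH - 3)
    }
    /session opened for local user/ {
      owner[pid] = $11; sessions[$11]++
    }
    /: open "/ {
      u = owner[pid]
      # Any WRITE flag (WRITE, READ,WRITE, ...) counts as an upload attempt
      if ($0 ~ /flags [A-Z,]*WRITE/) writes[u]++; else reads[u]++
    }
    /: remove name "/ { removes[owner[pid]]++ }
    END {
      for (u in sessions)
        printf "%s sessions=%d writes=%d reads=%d removes=%d\n",
               u, sessions[u], writes[u]+0, reads[u]+0, removes[u]+0
    }
  ' "$1" | sort
}
```

Run it against the real file with `sftp_activity_report /var/log/sftp.log`; the sample yields one line each for alice (one write) and bob (one read, one remove).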
