Continuing the SFTP series of blog pages, let's take a look at some random snippets which are really helpful.
1. Specifying the private key while doing SFTP
We can also place the options in the “config” file.
Host the_hostname
    User user_name
    IdentityFile /path/to/private_key
2. Prepare a batch file with the commands to run (mostly used for transferring multiple files in a single transaction) and run them with SFTP.
echo "put filename.foo /safe/path/filename.foo" >> /tmp/batchfile.txt
sftp -b /tmp/batchfile.txt -oIdentityFile=/path/to/private_key user@host
3. Starting with OpenSSH 5.4, sftp-server(8) can set a umask to override the default one set by the user’s account. The in-process SFTP server, internal-sftp, accepts the same options as the external SFTP subsystem.
Subsystem sftp internal-sftp -u 0022
Earlier versions can do the same thing through the use of a helper script, but this greatly complicates chrooted directories. The helper script can be a regular script or it can be embedded inline in the configuration file, though neither works easily in a chroot jail. It’s often easier to get a newer version of sshd(8) which supports umask as part of the server’s configuration. Here is an inline helper script for umask in OpenSSH 5.3 and earlier, based on one by gilles@
Subsystem sftp /bin/sh -c 'umask 0022; /usr/libexec/openssh/sftp-server'
4. SFTP file transfers can be logged using LogLevel INFO or VERBOSE. The log level for the SFTP server can be set in sshd_config(5) separately from the general SSH server settings.
Subsystem sftp internal-sftp -l INFO
By default the SFTP messages will also end up in auth.log but it is possible to filter these messages to their own file by reconfiguring the system logger, usually rsyslogd(8) or syslogd(8). Sometimes this is done by changing the log facility code from the default of AUTH. Available options are LOCAL0 through LOCAL7, plus, less usefully, DAEMON and USER.
Subsystem sftp internal-sftp -l INFO -f LOCAL6
If new system log files are assigned, it is important to remember them in log rotation, too.
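The INFO-level logging from item 4, put to use in an added example (not code from the original post): a small Python parser that joins the SFTP server's session and file-close messages by PID to list who uploaded or downloaded what. The log lines are constructed samples, and the message shapes and the internal-sftp[PID] / sftp-server[PID] tags are assumptions about what your OpenSSH version writes.

```python
import re

# Constructed sample: syslog lines in the shape sftp-server writes at
# LogLevel INFO. Host, PIDs, users, paths and addresses are made up.
SAMPLE_LOG = """\
Mar  3 10:15:01 host1 internal-sftp[4121]: session opened for local user alice from [192.0.2.10]
Mar  3 10:15:02 host1 internal-sftp[4121]: open "/upload/report.csv" flags WRITE,CREATE,TRUNCATE mode 0644
Mar  3 10:15:03 host1 internal-sftp[4121]: close "/upload/report.csv" bytes read 0 written 2048
Mar  3 10:15:04 host1 internal-sftp[4130]: session opened for local user bob from [198.51.100.7]
Mar  3 10:15:05 host1 internal-sftp[4130]: open "/upload/report.csv" flags READ mode 0666
Mar  3 10:15:06 host1 internal-sftp[4130]: close "/upload/report.csv" bytes read 2048 written 0
Mar  3 10:15:07 host1 internal-sftp[4121]: session closed for local user alice from [192.0.2.10]
"""

# Assumed process tags: internal-sftp (in-process) or sftp-server (external).
PROC = r"(?:internal-sftp|sftp-server)\[(\d+)\]: "
SESSION_OPEN = re.compile(PROC + r"session opened for local user (\S+) from \[([^\]]+)\]")
FILE_CLOSE = re.compile(PROC + r'close "(.*)" bytes read (\d+) written (\d+)')
SESSION_END = re.compile(PROC + r"session closed for local user")


def transfers(log_text):
    """Return (user, address, direction, path, bytes) for each completed transfer."""
    sessions = {}  # PID -> (user, client address)
    found = []
    for line in log_text.splitlines():
        if m := SESSION_OPEN.search(line):
            sessions[m.group(1)] = (m.group(2), m.group(3))
        elif m := FILE_CLOSE.search(line):
            pid, path, read, written = m.groups()
            # A close with no known session means the log was rotated or
            # filtered mid-session; keep the record but mark the owner unknown.
            user, addr = sessions.get(pid, ("?", "?"))
            if int(written):
                found.append((user, addr, "upload", path, int(written)))
            if int(read):
                found.append((user, addr, "download", path, int(read)))
        elif m := SESSION_END.search(line):
            sessions.pop(m.group(1), None)  # PIDs are reused; forget the mapping
    return found


if __name__ == "__main__":
    for record in transfers(SAMPLE_LOG):
        print(*record)
```

Point it at the file your syslog rule writes for the chosen facility (for example the LOCAL6 destination) instead of SAMPLE_LOG.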