Ping a Specific Port

Question

Anthony Miller

Asked: 2012-02-07 06:42:38 +0800 CST2012-02-07 06:42:38 +0800 CST 2012-02-07 06:42:38 +0800 CST

Meaning of "SFTP subsystem requests"

772

The following message showed up in my logwatch:

--------------------- SSHD Begin ------------------------ 

SFTP subsystem requests: 1 Time(s)

 ---------------------- SSHD End -------------------------

I understand that it means SFTP has been accessed, but does it mean that an active connection was made, or that it was only attempted? Would there be an alternative message if a connection had been attempted but failed?

1 Answers

Voted

kaji · Answer 1 · 2012-02-07T07:05:25+08:00

Best Answer

kaji

2012-02-07T07:05:25+08:002012-02-07T07:05:25+08:00

Only successful login attempt via sftp yourusername@yourservername are logged into /var/log/auth.log marked with

TIMESTAMP SERVERNAME sshd[xxxx] subsystem request for sftp

which in turn is parsed by logwatch to show the count i.e. successful SFTP login counts

Unsuccessful attempts for sftp is not differentiated from normal ssh failure attempts in the log file. If you're using something like a GUI SSH/SFTP client on windows/osx/linux, and copied a file across, that'd generate that log entry.

If you haven't done any file copies at all, then you might want to poke at the box a bit.

2

Meaning of "SFTP subsystem requests"

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?