Saturday, July 28, 2007

SFTP proxy

I spent the last couple of hours implementing a simple SFTP proxy, capable of logging file transfers, in our Shell Control Box product line. The core idea behind SCB is to perform RDP/SSH screening independently from the end-systems. This SFTP functionality will be a small bonus: in addition to dumping the SSH traffic to an audit trail, we are going to be able to write log transactions to syslog, which is way easier to analyse if all you want to know is the list of files accessed via SFTP.

I originally thought that SFTP was as simple as FTP, with a transaction being a complete file transfer.

On the contrary, SFTP is much closer to NFS (and other network file system protocols) in spirit: in FTP you have a "RETR" command that fetches a complete file, in SFTP you need to open the file and read it separately using a series of "READ" commands.

Now I understand how sshfs is possible. I thought I'd let you know :)

By the way, syslog-ng 2.0.5 has been released recently. Hopefully this will decrease the stream of "Syslog-ng does not compile, please help" complaints, which were caused by my laziness in enabling spoof-source support unconditionally by default, without writing a proper test for whether libnet was present on the system.
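To illustrate the point above that SFTP has no single "fetch file" command, here is an added example (not from the original post and not Shell Control Box code) of how a logging proxy might fold a session's OPEN, READ, WRITE and CLOSE packets into one record per file. It assumes SFTP version 3 packet layouts; `TransferLog`, the helper names and the sample session are hypothetical and constructed for illustration.

```python
import struct

OPEN, CLOSE, READ, WRITE, STATUS, HANDLE, DATA = 3, 4, 5, 6, 101, 102, 103  # SFTP v3 types

def sstr(b):  # SSH string: uint32 length + bytes
    return struct.pack(">I", len(b)) + b

def pkt(ptype, req_id, body=b""):  # uint32 length, byte type, uint32 request id, body
    return sstr(struct.pack(">BI", ptype, req_id) + body)

def read_str(buf, off=0):  # returns (string bytes, offset just past the string)
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

class TransferLog:
    """Folds OPEN/READ/WRITE/CLOSE packets into one record per file."""
    def __init__(self):
        # pending: request id -> (type, path or handle); files: handle -> [path, read, written]
        self.pending, self.files, self.records = {}, {}, []

    def feed(self, stream):  # packets from both directions, in the order the proxy saw them
        off = 0
        while off + 9 <= len(stream):
            (length,) = struct.unpack_from(">I", stream, off)
            if length < 5 or off + 4 + length > len(stream):
                break  # malformed or truncated packet: stop parsing
            ptype, rid = struct.unpack_from(">BI", stream, off + 4)
            body, off = stream[off + 9:off + 4 + length], off + 4 + length
            if ptype in (OPEN, READ):
                self.pending[rid] = (ptype, read_str(body)[0])
            elif ptype >= STATUS:  # any response settles its request
                kind, arg = self.pending.pop(rid, (None, None))
                if (kind, ptype) == (OPEN, HANDLE):
                    self.files[read_str(body)[0]] = [arg.decode("utf-8", "replace"), 0, 0]
                elif (kind, ptype) == (READ, DATA) and arg in self.files:
                    self.files[arg][1] += len(read_str(body)[0])
            elif ptype == WRITE and read_str(body)[0] in self.files:
                handle, o = read_str(body)  # counted when requested, not when acknowledged
                self.files[handle][2] += len(read_str(body, o + 8)[0])
            elif ptype == CLOSE and read_str(body)[0] in self.files:
                self.records.append(tuple(self.files.pop(read_str(body)[0])))
        return self.records

# Constructed session: one download of a hypothetical /etc/motd, READ by READ
H = sstr(b"h0")
SAMPLE = b"".join([
    pkt(OPEN, 1, sstr(b"/etc/motd") + struct.pack(">II", 1, 0)), pkt(HANDLE, 1, H),
    pkt(READ, 2, H + struct.pack(">QI", 0, 8)), pkt(DATA, 2, sstr(b"welcome\n")),
    pkt(READ, 3, H + struct.pack(">QI", 8, 8)), pkt(DATA, 3, sstr(b"bye")),
    pkt(READ, 4, H + struct.pack(">QI", 11, 8)), pkt(STATUS, 4, struct.pack(">I", 1)), pkt(CLOSE, 5, H)])
```

`TransferLog().feed(SAMPLE)` returns `[('/etc/motd', 11, 0)]`, the single line a syslog consumer would want for the whole transfer. A production parser would also bounds-check every string field inside the packet bodies.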


Anonymous said...

git tree isn't available.

I get the following error...
git clone syslog-ng.git
Initialized empty Git repository in /home/git/syslog-ng.git/.git/
Cannot get remote repository information.
Perhaps git-update-server-info needs to be run there?

Bazsi said...

Yes, I had to recreate the repo once, and I missed the git-update-server-info in the post-update hook.

I fixed this, now it is possible to clone the repo.