Re: logging file names with sftp



On Thu, Sep 03, 2009 at 11:26:57AM -0500, Derek Martin wrote:
> The logging of individual file transfers arguably buys you very little
> though, because the users are legitimate users who are authenticated.
> This is generally quite a different situation from FTP installations,
> where often the users are anonymous

If I understand correctly, many people run an sftp service which is
essentially an encrypted, NAT-capable version of anonymous FTP. They
offer files (or file hosting space) to a large group of barely-trusted
people, and want to limit or track abuse of the service.

The encryption may be used to prevent spying upon the traffic by
people outside the group.

The ability of sftp to sit behind a NAT firewall (which FTP cannot do --
not with a straight NAT without special hacks) may be essential to
many sites.