Tracking source IP addresses sftp clients are connecting from
Posted on 2014-01-13
We used sftp with password authentication & I'm suspecting that
our sftp password is being shared with users who are connecting
from IP addresses that we can track down.
As I'm a newbie to Red Hat Linux (5.x, 6.x), can you name the logfile names
(Linux syslogs? sftp logs?) & the directories of the logs that will show the
source IP addresses that the sftp clients are connecting from?
I was told by the Linux sysadmin that the sftp logs are encrypted.
Any idea which freeware sftp server auto-encrypts its sftp logs?
The sysadmin chap can't comment.
Is there any Linux command, say "last", that will indicate the source
IP addresses that sftp clients connect from & the date/timings they
connect? Let me know the qualifiers, if any (for Red Hat 5.x/6.x).