Linux SFTP verbose Logging sftp commands

SFTP

sftp is an interactive file transfer program, similar to ftp(1), which performs all operations over an encrypted ssh(1) transport. sftp-server is a program that speaks the server side of the SFTP protocol to stdout and expects client requests from stdin. sftp-server is not intended to be called directly, but from sshd(8) using the Subsystem option. Refer to the Solution section for how to enable verbose logging of all sftp commands.

Topic

  • Linux SFTP verbose Logging sftp commands
  • How to enable verbose logging on Linux SFTP?
  • How to log all SFTP commands on Linux?

Applies to

  • Linux
  • CentOS
  • RHEL
  • Ubuntu
  • Debian
  • SUSE
  • Arch Linux
  • Alpine Linux

Solution


The following logging parameters are supported:

$ man sftp-server
-l log_level
             Specifies which messages will be logged by sftp-server.  The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.  INFO and VERBOSE log transactions that sftp-server performs on behalf of the client.  DEBUG and DEBUG1 are equivalent.  DEBUG2 and DEBUG3 each specify higher levels of debugging output.  The default is ERROR.

-f log_facility
             Specifies the facility code that is used when logging messages from sftp-server.  The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The default is AUTH.

Add the following configuration to the /etc/ssh/sshd_config file on the SFTP server to enable verbose logging for all SFTP users, then restart the sshd service.


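# For normal SFTP (without chroot), add the following line to sshd_config.
# The path below is the RHEL/CentOS location; Debian and Ubuntu install the
# binary at /usr/lib/openssh/sftp-server. Keep the path from the existing Subsystem line.
Subsystem       sftp    /usr/libexec/openssh/sftp-server -l VERBOSE

# For chroot SFTP, add the following line to sshd_config.
Subsystem sftp internal-sftp -l VERBOSE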

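A sample configuration from a chroot Match block. On some systems, logging from inside a chroot also requires a /dev/log socket in the chroot directory; see sftp-server(8).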

Match Group sftp_users
        ChrootDirectory %h
        ForceCommand internal-sftp -l VERBOSE
        X11Forwarding no
        AllowTcpForwarding no
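
A check for the configuration above, as an added example that is not from the original post: it reads an sshd_config and reports the effective sftp-server log level of every SFTP entry point (the Subsystem line and each ForceCommand), because a ForceCommand carries its own arguments and one without -l runs at the default ERROR. The function names, the INFO threshold and the sample config (including the partners group) are assumptions made for the illustration.

```python
import shlex

# Levels from sftp-server(8), least to most verbose. Default is ERROR; INFO is
# the lowest level that logs the transactions performed for the client.
LEVELS = ["QUIET", "FATAL", "ERROR", "INFO", "VERBOSE",
          "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"]
DEFAULT_LEVEL, MIN_LEVEL = "ERROR", "INFO"

def sftp_log_level(args):
    """Return the effective -l value of an sftp-server/internal-sftp arg list."""
    level = DEFAULT_LEVEL
    for i, arg in enumerate(args):
        if arg == "-l" and i + 1 < len(args):
            level = args[i + 1].upper()
        elif arg.startswith("-l") and len(arg) > 2:  # getopt form: -lVERBOSE
            level = arg[2:].upper()
    return level

def audit(config_text):
    """Return [(lineno, scope, level, ok)] for every SFTP entry point."""
    findings, scope = [], "global"
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        words = shlex.split(raw, comments=True)
        key = words[0].lower() if words else ""  # keywords are case-insensitive
        if key == "match":
            scope = " ".join(words)  # later lines belong to this Match block
        if key == "subsystem" and words[1:2] == ["sftp"]:
            cmd = words[2:]
        elif key == "forcecommand":
            cmd = words[1:]
        else:
            continue
        if cmd and (cmd[0] == "internal-sftp" or cmd[0].endswith("/sftp-server")):
            level = sftp_log_level(cmd[1:])
            ok = level in LEVELS and LEVELS.index(level) >= LEVELS.index(MIN_LEVEL)
            findings.append((lineno, scope, level, ok))
    return findings

# Constructed sample: the second Match block omits -l, so it runs at ERROR.
SAMPLE = """\
Subsystem sftp internal-sftp -l VERBOSE
Match Group sftp_users
    ChrootDirectory %h
    ForceCommand internal-sftp -l VERBOSE
Match Group partners
    ForceCommand internal-sftp
"""

if __name__ == "__main__":
    for lineno, scope, level, ok in audit(SAMPLE):
        print(f"line {lineno} [{scope}] -l {level}: {'ok' if ok else 'NOT LOGGED'}")
```

To audit a live server, pass the contents of /etc/ssh/sshd_config to audit(); files pulled in through Include directives are not followed.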

Reference

$ man sftp
$ man sftp-server

About the Author: TekFik