OpenSSH versions 4.4p1 and up (which should include the latest version with CentOS 5) have SFTP logging capability built in - you just need to configure it.
Find this in your sshd_config (on CentOS, the file is /etc/ssh/sshd_config):
Subsystem sftp /usr/libexec/openssh/sftp-server
and change it to:
Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO
INFO is just one level of detail over what you're seeing by default - it provides detailed information regarding file transfers, permission changes, etc. If you need more info, you can adjust the log level accordingly. The various levels (in order of detail) are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3
Anything over VERBOSE is probably more information than you're looking for, but it might be useful.
Finally, restart the SSH service to apply the changes (CentOS):
systemctl restart sshd
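The edit described in the answer above, as an added shell example that is not part of the original answer: it sets the sftp-server log level on the active Subsystem line of a given sshd_config, replaces any existing -l value so it can be re-run, and keeps a .bak copy. The function name set_sftp_loglevel is hypothetical.

```shell
# Added example (not from the original answer).
# Usage: set_sftp_loglevel FILE LEVEL   (function name is hypothetical)
set_sftp_loglevel() {
    conf=$1 level=$2
    # Accept only the log levels listed in the answer above.
    case "$level" in
        QUIET|FATAL|ERROR|INFO|VERBOSE|DEBUG|DEBUG1|DEBUG2|DEBUG3) ;;
        *) echo "invalid log level: $level" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Rewrite only the active (uncommented) "Subsystem sftp" line:
    # drop any existing "-l LEVEL" pair, then append the requested one.
    awk -v lvl="$level" '
        tolower($1) == "subsystem" && $2 == "sftp" {
            out = $1 " " $2
            for (i = 3; i <= NF; i++) {
                if ($i == "-l") { i++; continue }   # skip flag and its value
                out = out " " $i
            }
            print out " -l " lvl
            changed = 1
            next
        }
        { print }
        END { exit(changed ? 0 : 3) }
    ' "$conf" > "$tmp" || {
        rm -f "$tmp"
        echo "no active Subsystem sftp line in $conf" >&2
        return 3
    }
    # Keep a backup, then overwrite in place so ownership and mode are preserved.
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# On the server, validate the configuration before restarting:
#   set_sftp_loglevel /etc/ssh/sshd_config INFO && sshd -t && systemctl restart sshd
```

Running sshd -t before the restart catches a syntax error in the edited file while the existing daemon is still serving connections.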
As you mentioned, the environment variables are removed by sudo, for security reasons.
But fortunately sudo is quite configurable: you can tell it precisely which environment variables you want to keep thanks to the env_keep configuration option in /etc/sudoers.
For agent forwarding, you need to keep the SSH_AUTH_SOCK environment variable. To do so, simply edit your /etc/sudoers configuration file (always using visudo) and set the env_keep option to the appropriate users. If you want this option to be set for all users, use the Defaults line like this:
Defaults env_keep+=SSH_AUTH_SOCK
man sudoers for more details.
You should now be able to do something like this (provided user1's public key is present in ~/.ssh/authorized_keys in user1@serverA and user2@serverB, and serverA's /etc/sudoers file is set up as indicated above):
user1@mymachine> eval `ssh-agent` # starts ssh-agent
user1@mymachine> ssh-add # add user1's key to agent (requires pwd)
user1@mymachine> ssh -A serverA # no pwd required + agent forwarding activated
user1@serverA> sudo su - user2 # sudo keeps agent forwarding active :-)
user2@serverA> ssh serverB # goto user2@serverB w/o typing pwd again...
user2@serverB> # ...because forwarding still works
Best Answer
No, because SSH has no way of knowing whether what you're typing would require an enter or tab to action -- if you're trying to go through your command history, for instance, the ^R or up arrows wouldn't be sent by themselves, and that would be... unpleasant.
You don't have to wait between each character for it to appear on the screen, though; if you know what you have to type, bash away at it as quick as you like, and the terminal will catch up in about one round-trip time from when you stopped typing, which is about as good as you'll get out of a line-buffered setup anyway (packet loss is different, but it introduces its own interesting quirks).