Description of problem: Red Hat's OpenSSH RPMs do not include the popular sftplogging patch from http://sftplogging.sourceforge.net/, which makes it possible to use sftp-server for site management in a reasonable fashion. Version-Release number of selected component (if applicable): All versions I've made my own RPM set based on the RHEL4U3 OpenSSH RPM 3.9p1-8.RHEL4.12 src rpm, incorporating this patch, but this functionality is desireable enough that it would be nice for Red Hat to support it. A number of vendors, including Gentoo and HP-UX, already incorporate this patch. I can provide my modified .src.rpm, if desired.
I've just done some research on this patch in the OpenSSH archives, and the OpenSSH team has resisted this patch due to implementation issues (the use of environment variables to pass data between sshd and sftp-server, etc.). I'm looking at crafting a new patch that has better security characteristics in the interfacing between sshd and sftp-server. I'll look at submitting it upstream to the OpenSSH folks. If it goes well, I'll spin an RPM for RHEL4 and see about providing the src here.
We try to keep as close to upstream as possible so we don't add conflicting command-line options or other incompatibilities with future upstream releases. Please reopen this bug after the patch was accepted upstream.