Hello,

Firstly thank you for developing openssh - it is a great tool.
Secondly I'm not subscribed to this list - sorry!

It would be helpful to log the key comment to syslog when logging in using
private key authentication.

At the moment I get:

Nov xx xx:xx:xx hostname sshd[pid]: Accepted publickey for root from xxx.xxx.xxx.xxx port xxxxx ssh2

If this could be changed to log the key comment as stored in
~/.ssh/authorized_keys... something like

Nov xx xx:xx:xx hostname sshd[pid]: Accepted publickey "key_comment_here" for root from xxx.xxx.xxx.xxx port xxxxx ssh2

then I could let other admins log in as root using public key
authentication and still have an audit trail of who logged in due to the
key comments.

Perhaps the syslog message should include the key fingerprint too/instead
of the key_comment. ie:

Nov xx xx:xx:xx hostname sshd[pid]: Accepted publickey "key_comment_here" fingerprint=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx for root from xxx.xxx.xxx.xxx port xxxxx ssh2

or

Nov xx xx:xx:xx hostname sshd[pid]: Accepted publickey fingerprint=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx for root from xxx.xxx.xxx.xxx port xxxxx ssh2

I'm sure I would not be the only one to benefit from a better audit trail.
I have looked briefly at the code but I'm not up to the job so no patch is
attached!

I hope that you find this idea a useful one and that it gets added to
the "ToDo" list.

Thanks for your time...

Alex Owen

----------------------------------------------------------------
Dr Richard Alexander Owen
Unix System Administrator
----------------------------------------------------------------
Circa 2002-11-20 11:03:12 +0000 dixit R.A.Owen:

: Hello,
: Firstly thank you for developing openssh - it is a great tool.
: Secondly I'm not subscribed to this list - sorry!
:
: It would be helpful to log the key comment to syslog when logging in using
: private key authentication.

Key comments can be manipulated by the user who has the key. Putting them
in the log would produce a false sense that you know what's going on. The
fingerprints, however, are not able to be changed.

: Perhaps the syslog message should include the key fingerprint too/instead
: of the key_comment. ie:
[...]

The key fingerprint is logged if you set LogLevel to VERBOSE in sshd_config.

: I'm sure I would not be the only one to benefit from a better audit trail.
: I have looked briefly at the code but I'm not up to the job so no patch is
: attached!
:
: I hope that you find this idea a useful one and that it gets added to
: the "ToDo" list.

Actually, it's added to the "Done" list. ;)

--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
"I am non-refutable." --Enik the Altrusian
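The reply's point, that the fingerprint rather than the comment is the trustworthy audit identity, can be shown in code. The following Python is an added example, not code from either message or from OpenSSH: it computes OpenSSH-style SHA256 and MD5 fingerprints over the key blob of each authorized_keys entry and uses them to attribute a logged login to the owner named in the admin's own copy of the comment. The sample keys and log line are constructed, and the log-line shape (fingerprint after "ssh2:", as modern sshd prints at LogLevel VERBOSE) and all helper names are assumptions.

```python
"""Attribute sshd-logged key fingerprints to authorized_keys entries.

Added example, not code from the thread or from OpenSSH. Assumed: the
verbose "Accepted publickey" log line carries the fingerprint in either
the SHA256:<base64> form or the legacy MD5 hex-colon form.
"""
import base64
import hashlib
import re
import shlex


def ssh_string(data):
    """SSH wire-format string: 4-byte big-endian length prefix + bytes."""
    return len(data).to_bytes(4, "big") + data


def make_ed25519_blob(pubkey32):
    """Public-key blob for ssh-ed25519: type name, then the 32-byte key."""
    return ssh_string(b"ssh-ed25519") + ssh_string(pubkey32)


def sha256_fingerprint(blob):
    """OpenSSH's default fingerprint: unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def md5_fingerprint(blob):
    """Legacy fingerprint: colon-separated hex of MD5 over the blob."""
    return "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def authorized_keys_line(keytype, blob, comment, options=""):
    """Render one authorized_keys line; options (e.g. from="...") are optional."""
    prefix = options + " " if options else ""
    return f"{prefix}{keytype} {base64.b64encode(blob).decode()} {comment}"


def parse_authorized_keys(text):
    """Return (keytype, blob, comment) per key line.

    Leading options are skipped by looking for the first token that is a
    key type; shlex handles the quotes inside options like from="a b".
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        for i, tok in enumerate(tokens):
            if tok.startswith(("ssh-", "ecdsa-", "sk-")) and i + 1 < len(tokens):
                try:
                    blob = base64.b64decode(tokens[i + 1], validate=True)
                except ValueError:
                    break  # malformed key material: skip this line
                entries.append((tok, blob, " ".join(tokens[i + 2:])))
                break
    return entries


def build_index(entries):
    """Map both fingerprint forms -> (keytype, comment) for log correlation."""
    index = {}
    for keytype, blob, comment in entries:
        index[sha256_fingerprint(blob)] = (keytype, comment)
        index[md5_fingerprint(blob)] = (keytype, comment)
    return index


FP_RE = re.compile(r"(SHA256:[A-Za-z0-9+/]{43}|MD5:(?:[0-9a-f]{2}:){15}[0-9a-f]{2})")


def attribute_login(log_line, index):
    """Return (keytype, comment) for the fingerprint in a log line, or None."""
    match = FP_RE.search(log_line)
    if match is None:
        return None
    return index.get(match.group(1))


# Constructed sample data: fake 32-byte "public keys", not real ones.
KEY_A = make_ed25519_blob(bytes(range(32)))
KEY_B = make_ed25519_blob(bytes(range(32, 64)))
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample authorized_keys",
    authorized_keys_line("ssh-ed25519", KEY_A, "alice@workstation"),
    authorized_keys_line("ssh-ed25519", KEY_B, "bob@laptop", 'from="192.0.2.10",no-pty'),
])
# Constructed log line in the assumed shape of a verbose modern sshd entry.
SAMPLE_LOG_LINE = (
    "Nov 20 11:03:12 hostname sshd[4242]: Accepted publickey for root "
    f"from 192.0.2.10 port 51234 ssh2: ED25519 {sha256_fingerprint(KEY_B)}"
)


def demo():
    """Correlate the sample log line against the sample authorized_keys."""
    index = build_index(parse_authorized_keys(SAMPLE_AUTHORIZED_KEYS))
    return attribute_login(SAMPLE_LOG_LINE, index)


if __name__ == "__main__":
    print(demo())  # ('ssh-ed25519', 'bob@laptop')
```

The same fingerprints can be checked against a real file with `ssh-keygen -lf ~/.ssh/authorized_keys` (add `-E md5` for the legacy form). Because the fingerprint is computed over the key blob only, a key holder who edits the comment in their copy of the line does not change what sshd logs; the mapping from fingerprint to person lives in the admin-controlled file, which is exactly the property the reply above relies on.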