Can openssh log which public key, as listed in the authorized keys file,
was used to log in? If so, how?

I don't see a config option, so I'm currently using a custom command via
    COMMAND="....." ssh-dss AAAAB3Nza..... key1
    COMMAND="....." ssh-dss AAAABFFFF..... key2
to log the key. It would be nice if there was a better way.
Suggestions?

        Anthony.

-- 
Anthony R Fletcher
  Room 2033, Building 12A,          http://dcb.cit.nih.gov/~arif
  National Institutes of Health,    arif at mail.nih.gov
  12A South Drive, Bethesda,        Phone: (+1) 301 402 1741.
  MD 20892-5624, USA.

On 02/04/2011 11:44 AM, Anthony R Fletcher wrote:
> Can openssh log which public key, as listed in the authorized keys file,
> was used to log in? If so, how?
>
> I don't see a config option, so I'm currently using a custom command via
>     COMMAND="....." ssh-dss AAAAB3Nza..... key1
>     COMMAND="....." ssh-dss AAAABFFFF..... key2
> to log the key. It would be nice if there was a better way.
> Suggestions?

setting the LogLevel to verbose (usually in /etc/ssh/sshd_config) should
log the fingerprint of the key used.

hth,

        --dkg

Hi,

On 02/04/2011 05:44 PM, Anthony R Fletcher wrote:
> Can openssh log which public key, as listed in the authorized keys file,
> was used to log in? If so, how?

There were several patches on the list to log the key comment, but they
were not included in openssh.

Without patching, you can run the sshd with LogLevel=VERBOSE. This will
log the fingerprint of the key used for authentication.

(With "ssh-keygen -l -f authorized_keys" you get all fingerprints of the
public keys in the file)

Frank
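
Both replies come down to matching the fingerprint that sshd logs against the fingerprints of the entries in authorized_keys. The script below does that matching; it is an added example, not part of the thread or of OpenSSH. The key blobs, user name, addresses and log lines are constructed, and the two log line shapes (colon-separated MD5 from older sshd, SHA256 from current sshd) are assumptions about the sshd version in use.

```python
import base64
import hashlib
import re

# key type, base64 blob, optional comment; leading options are skipped
KEY_RE = re.compile(r'(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+={0,2})(?:\s+(.*))?$')
# colon-separated MD5 hex, or SHA256 base64
FP_RE = re.compile(r'SHA256:[A-Za-z0-9+/]+|(?:[0-9a-f]{2}:){15}[0-9a-f]{2}')

def fingerprints(blob_b64):
    """Return (md5_hex, sha256_b64) fingerprints of one public key blob."""
    blob = base64.b64decode(blob_b64)
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, len(md5), 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def load_keys(text):
    """Map both fingerprints of every key in authorized_keys text to a label."""
    index = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        m = None if line.startswith("#") else KEY_RE.search(line)
        if m:
            for fp in fingerprints(m.group(2)):
                index[fp] = m.group(3) or f"line {n}"
    return index

def identify(log_lines, index):
    """Return (fingerprint, label) per log line with a fingerprint; label is None if unknown."""
    hits = [FP_RE.search(line) for line in log_lines]
    return [(m.group(0), index.get(m.group(0))) for m in hits if m]

# Constructed sample: the blobs are placeholders ("abc", "abcd"), not real keys.
AUTHORIZED_KEYS = """\
command="/usr/local/bin/logkey key1" ssh-dss YWJj key1
ssh-rsa YWJjZA== key2
"""
# Constructed log lines; the last one uses a key that is not in the file.
SSHD_LOG = [
    "sshd[811]: Found matching DSA key: 90:01:50:98:3c:d2:4f:b0:d6:96:3f:7d:28:e1:7f:72",
    "sshd[902]: Accepted publickey for alice from 192.0.2.7 port 50522 ssh2: RSA " + fingerprints("YWJjZA==")[1],
    "sshd[950]: Accepted publickey for alice from 192.0.2.9 port 50600 ssh2: RSA SHA256:" + "A" * 43,
]

if __name__ == "__main__":
    for fp, label in identify(SSHD_LOG, load_keys(AUTHORIZED_KEYS)):
        print(f"{label or 'UNKNOWN KEY'}\t{fp}")
```

A login whose fingerprint maps to no entry is worth a second look: the key came from a different authorized_keys file or the file changed after the login.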