thr3ads.net - openssh unix dev - [PATCH] Log source of keys when using AuthorizedKeysCommand [Feb 2019]

If this information is useful, please help other people find it:
Share via:

Robert Jennings

2019-Feb-21 16:05 UTC

[PATCH] Log source of keys when using AuthorizedKeysCommand

This is my first patch to openssh and I hope that I've approached
this well.

When using the AuthorizedKeysCommand the ssh daemon does not log the
source (local disk or AuthorizedKeysCommand) for the accepted key.
This patch adds a LOG_INFO level message when a key is matched from
the command so that users auditing their systems will know how the
key was injected.

Regards,
Robert Jennings

---
 auth2-pubkey.c |    3 +++
 1 file changed, 3 insertions(+)

Index: b/auth2-pubkey.c
==================================================================---
a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -975,6 +975,9 @@ user_key_command_allowed2(struct ssh *ss
 
 	/* Read completed successfully */
 	found_key = ok;
+	if (ok)
+		logit("%s: Key for %s found via AuthorizedKeysCommand: %s",
+		    __func__, user_pw->pw_name, format_key(key));
  out:
 	if (f != NULL)
 		fclose(f);

openssh unix dev - Feb 2019 - [PATCH] Log source of keys when using AuthorizedKeysCommand

[PATCH] Log source of keys when using AuthorizedKeysCommand