[Bug 1282] Log which key used for authentication

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Jun 23 04:07:00 EST 2007


http://bugzilla.mindrot.org/show_bug.cgi?id=1282


Brian Beaudoin <bbeaudoin at peer1.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WORKSFORME                  |




--- Comment #3 from Brian Beaudoin <bbeaudoin at peer1.com>  2007-06-23 04:06:55 ---
Unfortunately LogLevel VERBOSE logs the fingerprint of the private key,
not the public key.  If we don't have the private key that is being
abused, we still don't know which key is being abused.

LogLevel DEBUG prints which line the public key is on, but not the
fingerprint of the public key itself.  If the order of this file is
changed, we still wouldn't know which key to remove from the server.

The actual solution would be logging the fingerprint of the PUBLIC key.
Then if the private key is abused, we can revoke the corresponding
public key in the "authorized_keys" file.


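One way to act on the revocation step this comment asks for, as an added example (not OpenSSH code and not part of the bug report): given a fingerprint taken from an sshd log, find the matching `authorized_keys` entry by hashing each entry's public key blob. It assumes the logged value is the MD5 colon-hex or SHA256 base64 hash of that blob; `find_key`, `SAMPLE` and the placeholder blobs are constructed for illustration.

```python
import base64, hashlib, shlex

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")

def fingerprints(blob_b64):
    """Return (md5_colon_hex, 'SHA256:<b64>') for a base64 public key blob."""
    blob = base64.b64decode(blob_b64, validate=True)
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def split_fields(line):
    """Split an authorized_keys line, keeping quoted option values together."""
    lex = shlex.shlex(line, posix=True)
    lex.whitespace_split = True
    lex.quotes = '"'      # options use double quotes; ' may appear in comments
    lex.commenters = ""   # '#' inside a field does not start a comment
    return list(lex)

def find_key(text, logged_fp):
    """Return [(line_no, key_type, comment)] for entries matching logged_fp."""
    want = logged_fp.strip()
    if want.upper().startswith("MD5:"):
        want = want[4:]
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            fields = split_fields(line)
            i = next(k for k, f in enumerate(fields[:-1]) if f.startswith(KEY_TYPES))
            md5, sha = fingerprints(fields[i + 1])
        except (ValueError, StopIteration):
            continue  # malformed entry: skip it rather than abort the audit
        if want.lower() == md5 or want == sha:
            hits.append((n, fields[i], " ".join(fields[i + 2:])))
    return hits

# Constructed sample: the blobs are placeholders, not real SSH keys.
BLOB_A = base64.b64encode(b"constructed key blob A").decode()
BLOB_B = base64.b64encode(b"constructed key blob B").decode()
SAMPLE = f"""# constructed authorized_keys sample
ssh-rsa {BLOB_A} alice@laptop
command="/usr/bin/rsync --server",no-pty ssh-rsa {BLOB_B} bob's backup key
"""

if __name__ == "__main__":
    print(find_key(SAMPLE, fingerprints(BLOB_B)[0]))
```

Because the match is on the key blob rather than the line number, the result stays correct if the file is reordered.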