[Bug 2934] New: Getting Pubkey Fingerprint Used to Authenticate Current Session

bugzilla-daemon at bugzilla.mindrot.org
Sat Nov 24 06:38:26 AEDT 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2934

            Bug ID: 2934
           Summary: Getting Pubkey Fingerprint Used to Authenticate
                    Current Session
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: support at eggplantsd.com

It would be nice to have an authoritative way to get the pubkey
fingerprint used to authenticate the current session.  It could be a
new utility, an option to an existing utility, or maybe just an
environment variable.

This has already been partially addressed in 2082, but as a log
entry--which is fine for purely informational purposes.  Yet, if anyone
wants to branch out and build functionality with that information, the
log is a very brittle way to do it.  What if the format changes?  What
if my distro's maintainers move it?  What if I don't have access to it?
etc., etc.

There is already a stackexchange post on the topic--which illustrates
the levels of sed wrangling and distro compensation that arise from
depending solely upon the log:

https://unix.stackexchange.com/questions/15575/can-i-find-out-which-ssh-key-was-used-to-access-an-account

One usage example would be having a git repo under a single machine
account with multiple users under `authorized_keys` for shared
development.

Another would be logging into my own account from different machines
(with different keys), and wanting to script different behavior
depending on which key was used.

I know most of this could be faked with command= and environment=, but
those solutions seem excessively manual.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
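
The `environment=` workaround mentioned in the report, automated, as an added example that is not part of the original bug report or of OpenSSH: it tags each `authorized_keys` entry with that key's own SHA256 fingerprint, so a login script can branch on the variable. The variable name `SSH_KEY_FP` is an assumption made here, and the sample keys are constructed placeholders.

```python
import base64, hashlib, re, struct

VAR = "SSH_KEY_FP"  # hypothetical variable name, chosen for this example
KEY_RE = re.compile(r'(?:^|[\s,])((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+=*)')

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -l` prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_key(entry: str):
    """Locate the key field; options may precede it, so validate the blob itself."""
    for m in KEY_RE.finditer(entry):
        ktype = m.group(1).encode()
        try:
            blob = base64.b64decode(m.group(2), validate=True)
        except ValueError:
            continue
        # A public key blob starts with its own type name as a length-prefixed string.
        if blob.startswith(struct.pack(">I", len(ktype)) + ktype):
            return m.start(1), blob
    return None

def tag_line(line: str) -> str:
    """Prepend environment="SSH_KEY_FP=<fingerprint>" to one authorized_keys entry."""
    entry = line.strip()
    found = None if not entry or entry.startswith("#") else find_key(entry)
    if found is None:
        return line                      # comment, blank or unparseable: leave alone
    start, blob = found
    opts = entry[:start].strip()
    if f'environment="{VAR}=' in opts:
        return line                      # already tagged
    tag = f'environment="{VAR}={fingerprint(blob)}"'
    return f"{opts},{tag} {entry[start:]}" if opts else f"{tag} {entry[start:]}"

def sample_key(ktype: str, material: bytes) -> str:
    """Constructed stand-in for a key line: right wire layout, not a usable key."""
    raw = struct.pack(">I", len(ktype)) + ktype.encode() + material
    return f"{ktype} {base64.b64encode(raw).decode()}"

SAMPLE = [
    "# shared git account (constructed sample)",
    sample_key("ssh-ed25519", b"constructed-key-A") + " alice@laptop",
    "no-pty,no-port-forwarding " + sample_key("ssh-rsa", b"constructed-key-B") + " bob@desk",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(tag_line(line))
```

sshd ignores `environment=` unless `PermitUserEnvironment` allows it; giving that option a pattern naming only this variable, rather than `yes`, keeps other variables from being set. The value is only as trustworthy as the `authorized_keys` file, so an account owner who can edit that file can set it to anything.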

