[Bug 2934] New: Getting Pubkey Fingerprint Used to Authenticate Current Session
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sat Nov 24 06:38:26 AEDT 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2934
Bug ID: 2934
Summary: Getting Pubkey Fingerprint Used to Authenticate
Current Session
Product: Portable OpenSSH
Version: 7.9p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: support at eggplantsd.com
It would be nice to have an authoritative way to get the pubkey
fingerprint used to authenticate the current session. It could be a
new utility, an option to an existing utility, or maybe just an
environment variable.
This has already been partially addressed in 2082, but as a log
entry--which is fine for purely informational purposes. Yet, if anyone
wants to branch out and build functionality with that information, the
log is a very brittle way to do it. What if the format changes? What
if my distro's maintainers move it? What if I don't have access to it?
etc, etc.
There is already a stackexchange post on the topic--which illustrates
the levels of sed wrangling and distro compensation that arise from
depending solely upon the log:
https://unix.stackexchange.com/questions/15575/can-i-find-out-which-ssh-key-was-used-to-access-an-account
One usage example would be having a git repo under a single machine
account with multiple users under `authorized_keys` for shared
development.
Another would be logging into my own account from different machines
(with different keys), and wanting to script different behavior
depending on which key was used.
I know most of this could be faked with command= and environment=, but
those solutions seem excessively manual.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list