logging RSA key IDs

Phil Karn karn at ka9q.ampr.org
Fri Feb 4 10:50:55 EST 2000


>One might argue that the logfile will grow significantly larger,

That, and not any concern about keeping public keys private, was my
concern.  But it now occurs to me that on most systems, log files are
routinely compressed by daemons fired off from cron. Although the
public keys are themselves random and essentially uncompressible,
chances are they will keep recurring in the log file, making them
compress very nicely with gzip.

So I now suggest that the daemon just log the full public key
used. Hopefully this won't break any message length limits in syslog.

Phil
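The compression argument in the message above, as an added example that is not part of the original post or of OpenSSH: it builds two constructed logs, one where a few keys recur and one where every key is different, and compares their gzip ratios and line lengths. The log line format, the 140-byte key size, and the names `build_log`, `gzip_ratio` and `max_line_len` are assumptions made for illustration.

```python
import base64
import gzip
import random

KEY_BYTES = 140      # assumption: rough size of an encoded 1024-bit RSA public key
SYSLOG_LIMIT = 1024  # traditional BSD syslog maximum message size (RFC 3164)


def make_key(rng):
    """Constructed stand-in for a public key: random bytes, base64-encoded."""
    raw = rng.getrandbits(8 * KEY_BYTES).to_bytes(KEY_BYTES, "big")
    return base64.b64encode(raw).decode()


def build_log(n_lines, n_keys, seed=1):
    """Constructed auth log: each line records one of n_keys full public keys."""
    rng = random.Random(seed)  # fixed seed so the sample is reproducible
    keys = [make_key(rng) for _ in range(n_keys)]
    lines = []
    for i in range(n_lines):
        k = rng.randrange(n_keys)
        stamp = f"Feb  4 10:{i // 60 % 60:02d}:{i % 60:02d}"
        # Hypothetical line format, not sshd's actual output.
        lines.append(f"{stamp} host sshd[{1000 + i}]: "
                     f"Accepted rsa for user{k} key {keys[k]}\n")
    return "".join(lines)


def gzip_ratio(text):
    """Compressed size divided by original size (smaller is better)."""
    raw = text.encode()
    return len(gzip.compress(raw)) / len(raw)


def max_line_len(text):
    """Longest line in bytes, to compare against the syslog limit."""
    return max(len(line.encode()) for line in text.splitlines())


if __name__ == "__main__":
    recurring = build_log(1000, 5)    # a handful of users logging in repeatedly
    unique = build_log(1000, 1000)    # worst case: every login uses a new key
    print(f"recurring keys: ratio {gzip_ratio(recurring):.3f}")
    print(f"unique keys:    ratio {gzip_ratio(unique):.3f}")
    print(f"longest line:   {max_line_len(recurring)} of {SYSLOG_LIMIT} bytes")
```

Larger keys lengthen every line, so the line-length check is the one to rerun with a realistic `KEY_BYTES` for the key sizes in use.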





More information about the openssh-unix-dev mailing list