Key comment to syslog on login

R.A.Owen rao3 at leicester.ac.uk
Wed Nov 20 22:03:12 EST 2002


Hello,
Firstly, thank you for developing openssh - it is a great tool.
Secondly I'm not subscribed to this list - sorry!

It would be helpful to log the key comment to syslog when logging in using
private key authentication.

At the moment I get:
Nov xx xx:xx:xx hostname sshd[pid]: Accepted publickey for root from xxx.xxx.xxx.xxx port xxxxx ssh2

If this could be changed to log the key comment as stored in
~/.ssh/authorized_keys... something like
Nov xx xx:xx:xx hostname sshd[pid]: Accepted publickey "key_comment_here" for root from xxx.xxx.xxx.xxx port xxxxx ssh2
then I could let other admins log in as root using public key
authentication and still have an audit trail of who logged in due to the
key comments.

Perhaps the syslog message should include the key fingerprint too/instead
of the key_comment, i.e.:
Nov xx xx:xx:xx hostname sshd[pid]: Accepted publickey "key_comment_here" fingerprint=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx for root from  xxx.xxx.xxx.xxx port xxxxx ssh2
 or
Nov xx xx:xx:xx hostname sshd[pid]: Accepted publickey fingerprint=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx for root from  xxx.xxx.xxx.xxx port xxxxx ssh2

I'm sure I would not be the only one to benefit from a better audit trail.
I have looked briefly at the code but I'm not up to the job so no patch is
attached!

I hope that you find this idea a useful one and that it gets added to
the "ToDo" list.

Thanks for your time...
Alex Owen

----------------------------------------------------------------
 Dr Richard Alexander Owen      Unix System Administrator
----------------------------------------------------------------
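
An added example, not part of the original post and not OpenSSH code: resolving the fingerprint in the second proposed log message back to the key comment in authorized_keys, which gives the per-admin audit trail the post asks for. The `fingerprint=` message layout is the post's proposal; the SHA256 fingerprint encoding, the sample keys and the log lines are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

# authorized_keys entry: optional options, key type, base64 blob, optional comment.
KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+={0,2})(?:\s+(.*))?$")
# The post's second proposed message, with the fingerprint as a single token.
LOG_RE = re.compile(r"sshd\[\d+\]: Accepted publickey fingerprint=(\S+) for (\S+) from (\S+) port \d+")


def fingerprint(b64_blob):
    """SHA256 over the decoded key blob, base64 without padding (assumed format)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def load_comments(authorized_keys_text):
    """Map fingerprint -> key comment for every active key line."""
    comments = {}
    for line in map(str.strip, authorized_keys_text.splitlines()):
        m = None if line.startswith("#") else KEY_RE.search(line)
        if m:
            comments[fingerprint(m.group(2))] = m.group(3) or "(no comment)"
    return comments


def audit(log_text, comments):
    """Return (user, source address, key comment) per accepted public-key login."""
    rows = []
    for fp, user, src in LOG_RE.findall(log_text):
        rows.append((user, src, comments.get(fp, "UNKNOWN KEY " + fp)))
    return rows


# Constructed sample data: the blobs are placeholders, not real keys.
BLOB_A = base64.b64encode(b"constructed key blob for admin A").decode()
BLOB_B = base64.b64encode(b"constructed key blob for admin B").decode()
AUTHORIZED_KEYS = f"""# root's authorized_keys (constructed)
ssh-rsa {BLOB_A} alice@example.org
from="192.0.2.*" ssh-rsa {BLOB_B} bob laptop
"""
LOG = f"""Nov 20 22:03:12 host sshd[101]: Accepted publickey fingerprint={fingerprint(BLOB_A)} for root from 192.0.2.10 port 40001 ssh2
Nov 20 22:09:40 host sshd[102]: Accepted publickey fingerprint={fingerprint(BLOB_B)} for root from 192.0.2.11 port 40002 ssh2
Nov 20 22:15:02 host sshd[103]: Accepted publickey fingerprint=SHA256:notInFile for root from 192.0.2.12 port 40003 ssh2
"""

if __name__ == "__main__":
    for row in audit(LOG, load_comments(AUTHORIZED_KEYS)):
        print(*row, sep="\t")
```

A login whose fingerprint is absent from the current file is reported as an unknown key rather than dropped, since a key removed after use is exactly the case an audit needs to surface.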





More information about the openssh-unix-dev mailing list