Key comment to syslog on login
R.A.Owen
rao3 at leicester.ac.uk
Wed Nov 20 22:03:12 EST 2002
Hello,
Firstly thank you for developing openssh - it is a great tool.
Secondly I'm not subscribed to this list - sorry!
It would be helpful to log the key comment to syslog when logging in using
private key authentication.
At the moment I get:
Nov xx xx:xx:xx hostname sshd[pid]: Accepted publickey for root from xxx.xxx.xxx.xxx port xxxxx ssh2
If this could be changed to log the key comment as stored in
~/.ssh/authorized_keys... something like
Nov xx xx:xx:xx hostname sshd[pid]: Accepted publickey "key_comment_here" for root from xxx.xxx.xxx.xxx port xxxxx ssh2
then I could let other admins log in as root using public key
authentication and still have an audit trail of who logged in due to the
key comments.
Perhaps the syslog message should include the key fingerprint too/instead
of the key_comment, i.e.:
Nov xx xx:xx:xx hostname sshd[pid]: Accepted publickey "key_comment_here" fingerprint=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx for root from xxx.xxx.xxx.xxx port xxxxx ssh2
or
Nov xx xx:xx:xx hostname sshd[pid]: Accepted publickey fingerprint=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx for root from xxx.xxx.xxx.xxx port xxxxx ssh2
I'm sure I would not be the only one to benefit from a better audit trail.
I have looked briefly at the code but I'm not up to the job so no patch is
attached!
I hope that you find this idea a useful one and that it gets added to
the "ToDo" list.
Thanks for your time...
Alex Owen
----------------------------------------------------------------
Dr Richard Alexander Owen Unix System Administrator
----------------------------------------------------------------
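The audit trail requested above, as an added example that is not part of the original message and is not OpenSSH code: it maps each key in an authorized_keys file to its comment by fingerprint, then resolves a log line written in the message's proposed fingerprint= form. The SHA256 fingerprint encoding, the key material, the names, the addresses and the log line are constructed assumptions.

```python
import base64, binascii, hashlib, re, struct

def make_blob(key_type: str, material: bytes) -> bytes:
    """Build an SSH wire-format public key blob (used for constructed data)."""
    t = key_type.encode()
    return struct.pack(">I", len(t)) + t + struct.pack(">I", len(material)) + material

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint of a key blob, unpadded base64 (assumed log format)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text: str) -> dict:
    """Map fingerprint -> key comment for each key line of an authorized_keys file."""
    table = {}
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # Options may precede the key type, so find the (type, blob) pair by
        # checking that the blob's embedded type name equals the token before it.
        for i in range(len(tokens) - 1):
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
            except (binascii.Error, ValueError):
                continue
            if len(blob) >= 4 and blob[4:4 + struct.unpack(">I", blob[:4])[0]] == tokens[i].encode():
                table[fingerprint(blob)] = " ".join(tokens[i + 2:]) or "(no comment)"
                break
    return table

LOG_RE = re.compile(r"Accepted publickey .*?fingerprint=(\S+) for (\S+) from (\S+)")
def who_logged_in(log_line: str, table: dict):
    """Return (account, source, key comment or None), or None if no match."""
    m = LOG_RE.search(log_line)
    return (m.group(2), m.group(3), table.get(m.group(1))) if m else None

# Constructed sample data: two fake ed25519 keys, the second with options.
ALICE = make_blob("ssh-ed25519", bytes(range(32)))
BOB = make_blob("ssh-ed25519", bytes(range(32, 64)))
AUTHORIZED_KEYS = "\n".join([
    "# root's authorized_keys (constructed)",
    "ssh-ed25519 %s alice@admin-laptop" % base64.b64encode(ALICE).decode(),
    'command="echo ssh-rsa x",no-pty ssh-ed25519 %s bob@ops' % base64.b64encode(BOB).decode(),
])
LOG = ("Nov 20 22:03:12 host sshd[4242]: Accepted publickey fingerprint=%s "
       "for root from 192.0.2.10 port 50022 ssh2" % fingerprint(BOB))
if __name__ == "__main__":
    print(who_logged_in(LOG, parse_authorized_keys(AUTHORIZED_KEYS)))
```

A fingerprint that resolves to None means the accepted key is not in the file that was parsed, which is itself worth alerting on.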
More information about the openssh-unix-dev
mailing list