Key comment to syslog on login
Jim Knoble
jmknoble at pobox.com
Thu Nov 21 06:54:19 EST 2002
Circa 2002-11-20 11:03:12 +0000 dixit R.A.Owen:
: Hello,
: Firstly thank you for developing openssh - it is a great tool.
: Secondly I'm not subscribed to this list - sorry!
:
: It would be helpful to log the key comment to syslog when logging in using
: private key authentication.
Key comments can be manipulated by the user who has the key. Putting
them in the log would produce a false sense that you know what's going
on. The fingerprints, however, are not able to be changed.
: Perhaps the syslog message should include the key fingerprint too/instead
: of the key_comment. ie: [...]
The key fingerprint is logged if you set LogLevel to VERBOSE in
sshd_config.
: I'm sure I would not be the only one to benefit from a better audit trail.
: I have looked briefly at the code but I'm not up to the job so no patch is
: attached!
:
: I hope that you find this idea a useful one and that it gets added to
: the "ToDo" list.
Actually, it's added to the "Done" list. ;)
--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
"I am non-refutable." --Enik the Altrusian
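
The point made in the reply above, as an added example that is not part of the original message or of OpenSSH: a fingerprint is a hash of the public key blob only, so an auditor can map a logged fingerprint back to the administrator's own authorized_keys label whatever comment the key holder has set. The key blob, file contents, host names and the "Accepted publickey" log line shape are constructed assumptions for illustration.

```python
import base64
import hashlib
import re

def fingerprints(blob_b64):
    """Return (SHA256, MD5) fingerprints of a base64 public key blob."""
    blob = base64.b64decode(blob_b64)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    hexd = hashlib.md5(blob).hexdigest()
    md5 = ":".join(hexd[i:i + 2] for i in range(0, 32, 2))
    return "SHA256:" + sha, md5

def index_authorized_keys(text):
    """Map fingerprint -> comment for 'type blob comment' lines (no options field)."""
    index = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 2 or line.startswith("#"):
            continue
        comment = parts[2] if len(parts) == 3 else ""
        for fp in fingerprints(parts[1]):
            index[fp] = comment  # the comment is a label only, never hashed
    return index

# Assumed log shape: the fingerprint is the last whitespace-delimited token.
LOG_RE = re.compile(r"Accepted publickey for (\S+) from (\S+) .* (\S+)$")

def attribute(log_line, index):
    """Return (user, address, admin label) for a login line, or None."""
    m = LOG_RE.search(log_line)
    if not m:
        return None
    user, addr, fp = m.groups()
    if fp.startswith("MD5:"):
        fp = fp[4:]
    return user, addr, index.get(fp, "UNKNOWN KEY")

# Constructed sample data: the blob is not a real key, only bytes to hash.
BLOB = base64.b64encode(b"constructed-not-a-real-key-1").decode()
ADMIN_FILE = "ssh-ed25519 " + BLOB + " owen-laptop (issued by admin)\n"
USER_COPY = "ssh-ed25519 " + BLOB + " root@trusted-backup-host"  # comment edited by key holder
LOG_LINE = (
    "Nov 21 06:54:19 host sshd[1234]: Accepted publickey for owen from "
    "192.0.2.10 port 51514 ssh2: ED25519 " + fingerprints(USER_COPY.split()[1])[0]
)

if __name__ == "__main__":
    print(attribute(LOG_LINE, index_authorized_keys(ADMIN_FILE)))
```
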