Logging of comments on keys
Axel Dunkel
ad at Dunkel.de
Mon Feb 10 12:41:21 EST 2003
Damien,
> "LogLevel verbose" currently logs the key fingerprint, extending this to
> log the filename it matched from may be worthwhile - iff it can be done
> cleanly.
>
> Now someone just needs to do a patch so we can talk about it.
Hm, I modified my patch - have a look at it.
Best regards,
Axel
---
Systemberatung A. Dunkel GmbH, Gutenbergstr. 5, D-65830 Kriftel
Tel.: +49-6192-9988-0, Fax: +49-6192-9988-99, E-Mail: ad at Dunkel.de
-------------- next part --------------
*** auth2-pubkey.c.orig Sun Feb 9 12:48:09 2003
--- auth2-pubkey.c Mon Feb 10 01:25:22 2003
***************
*** 183,188 ****
--- 183,193 ----
debug("trying public key file %s", file);
+ /* log public key */
+
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ verbose("Attempt public key authentication for %s with %s key: %s", pw->pw_name, key_type(key), fp);
+
/* Fail quietly if file does not exist */
if (stat(file, &st) < 0) {
/* Restore the privileged uid. */
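Review bot: The fp returned by key_fingerprint() in the added lines is never released. The later hunk pairs its own key_fingerprint() call with xfree(fp), so this earlier buffer is lost when fp is reassigned there; add xfree(fp) directly after the new verbose() call. The message is also placed before the stat() check on file, so it is written even when the file being tried does not exist. If one line per authentication attempt is the goal, log it once outside the per-file lookup.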
***************
*** 239,249 ****
if (key_equal(found, key) &&
auth_parse_options(pw, options, file, linenum) == 1) {
found_key = 1;
- debug("matching key found: file %s, line %lu",
- file, linenum);
fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
verbose("Found matching %s key: %s",
key_type(found), fp);
xfree(fp);
break;
}
--- 244,253 ----
if (key_equal(found, key) &&
auth_parse_options(pw, options, file, linenum) == 1) {
found_key = 1;
fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
verbose("Found matching %s key: %s",
key_type(found), fp);
+ verbose("Comment on key (in %s line %lu): %s", file, linenum, cp);
xfree(fp);
break;
}
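Review bot: The added verbose() prints cp with %s as the key comment, but nothing in this hunk shows where cp points once key_equal() and auth_parse_options() have succeeded, or that the trailing line ending has been stripped. Confirm that cp is positioned at the comment field and trim the newline before logging. The comment is text taken from the user's own key file, so the message should make clear it is informational and not an identity assertion. The hunk also removes the debug("matching key found: file %s, line %lu") line; that is reasonable now that file and linenum appear in the new message, but it should be mentioned in the change description.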
*** auth-rsa.c.orig Sun Feb 9 13:18:56 2003
--- auth-rsa.c Mon Feb 10 01:27:01 2003
***************
*** 153,159 ****
int
auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
{
! char line[8192], *file;
int allowed = 0;
u_int bits;
FILE *f;
--- 153,159 ----
int
auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
{
! char line[8192], *file, *extpubkey;
int allowed = 0;
u_int bits;
FILE *f;
***************
*** 164,169 ****
--- 164,174 ----
/* Temporarily use the user's uid. */
temporarily_use_uid(pw);
+ /* log public key */
+ extpubkey = BN_bn2hex(client_n);
+ log("Attempt RSA authentication for %s with pubkey %s", pw->pw_name, extpubkey);
+ OPENSSL_free(extpubkey);
+
/* The authorized keys. */
file = authorized_keys_file(pw);
debug("trying public RSA key file %s", file);
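Review bot: The added call uses log() where the corresponding addition in auth2-pubkey.c uses verbose(), so RSA attempts are recorded without "LogLevel verbose" and with the full hex modulus instead of a fingerprint. Switch to verbose() for consistency with the other file and with the behaviour discussed in the thread, and log a fingerprint if one can be computed at this point. The result of BN_bn2hex() is also passed to %s unchecked; it returns NULL on allocation failure, so test extpubkey before logging and before OPENSSL_free().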
***************
*** 249,254 ****
--- 254,262 ----
log("Warning: %s, line %lu: keysize mismatch: "
"actual %d vs. announced %d.",
file, linenum, BN_num_bits(key->rsa->n), bits);
+
+ /* log comment */
+ verbose("Comment on key (in %s line %lu): %s", file, linenum, cp);
/* We have found the desired key. */
/*
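Review bot: The "Comment on key" message added here carries neither the user name nor any key identifier, so in a busy log it can only be tied to the earlier "Attempt RSA authentication" line by ordering. Include pw->pw_name or a fingerprint in the same message. As in the auth2-pubkey.c hunk, the visible lines do not show that cp points at the comment field or that the line ending has been removed; verify both before passing it to %s.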