How to log pubkey used in a keyring

frank mohr f_mohr at
Sat May 13 01:55:55 EST 2006


without patching the sshd, the easiest way is to run it 
with LogLevel VERBOSE and parse the log for 
Found matching <keytype> key: <fingerprint>

if you search the list archive, you find several patches 
that add a log message for the key comment


--- Walter Doud <wdoud at> wrote:

> Hi,
> I'm trying to create a log of which key is being used to access a
> given
> account.
> I can turn auth.debug on, but that generates *copious* output to the
> log
> file which isn't terribly desirable.  Furthermore, the log's format
> from
> one ssh implementation to the next varies, causes parsing
> complexities.
> Tried a kludge using the "command=/some/path/to/script <ID>"  prefix
> on
> each key, where the script took the ID and logged it along with some
> of the
> other ssh variables.  However that meant either exec'ing the command
> being
> sent from the remote system, or forcing the session into a specific
> shell.
> Is there any other way to determine what key is used?
> Thanks in advance,
>    Walt
> Walter Doud
> UNIX System Administrator
> Information Technology Services Americas, Global Services, IBM
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the openssh-unix-dev mailing list