A way to log what line of authorized_keys that was used

William Viker williamv at opera.com
Wed Mar 25 02:27:49 EST 2009


On Tue, 24 Mar 2009 16:00:56 +0100, Daniel Kahn Gillmor  
<dkg at fifthhorseman.net> wrote:
> If you bump up LogLevel to VERBOSE in sshd_config, sshd will log the
> fingerprint of the matching key.  Is that sufficient for your purposes,
> or do you want more detail?  If you want more detail, what specifically
> are you looking for?

Hmm, yeah. Forgot that I've tried that before.

It says something like

Failed none for root from 213.236.208.22 port 26234 ssh2
Found matching DSA key: d7:6f:22:76:15:1c:11:10:86:9e:09:a5:d5:e7:7c:d7
Found matching DSA key: d7:6f:22:76:15:1c:11:10:86:9e:09:a5:d5:e7:7c:d7
Accepted publickey for root from 213.236.208.22 port 26234 ssh2
pam_unix(sshd:session): session opened for user root by (uid=0)

There are only two problems

  1) It doesn't say what file it found the keys in (but, it's
     probably semi-safe to assume (told user)/.ssh/authorized_keys

  2) With many logins, could there be any chance that logentries
     get mixed? You don't get all information from the login on
     one line, or with a unique id/serial to follow

  3) From the information the VERBOSE-log tells me, I cant see
     what TTY the user got. Would be nifty :)


Just thinking :)



-- 
William Viker
Opera Software ASA


More information about the openssh-unix-dev mailing list