A way to log what line of authorized_keys that was used

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Mar 25 02:40:33 EST 2009


On 03/24/2009 11:27 AM, William Viker wrote:
> There are only two problems
> 
>   1) It doesn't say what file it found the keys in (but, it's
>      probably semi-safe to assume (told user)/.ssh/authorized_keys

The file and matching line number appear to be emitted at LogLevel
DEBUG1, though as Jan Pechanec noted, that info may change in the future
(or even as a result of the specific ssh session!)

>   2) With many logins, could there be any chance that log entries
>      get mixed? You don't get all information from the login on
>      one line, or with a unique id/serial to follow

On my Debian system, the data is logged in /var/log/auth.log, and
prefixed by the process ID of the spawned sshd instance for the
particular login.  So you should be able to reconstruct individual
threads by aggregating by process ID in most cases.

>   3) From the information the VERBOSE-log tells me, I can't see
>      what TTY the user got. Would be nifty :)

hey, that's three problems, not two problems! ;)

sshd appears to produce the following line at DEBUG3:

    mm_answer_pty: tty /dev/pts/23 ptyfd 4

But as sshd_config(5) says:

  Logging with a DEBUG level violates the privacy of users and is not
  recommended.

	--dkg
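
Added example, not part of the original message and not OpenSSH code: a sketch of the per-PID aggregation described above, which groups interleaved auth.log lines by the sshd[PID] prefix and pulls out the matched authorized_keys file and line, the accepted user, and the tty. The sample lines are constructed; the "matching key found" and "Accepted publickey" message formats are assumptions about sshd's output that vary between OpenSSH versions, and sessions_by_pid is a hypothetical name.

```python
import re

# Constructed sample: two concurrent logins interleaved in auth.log.
# Host, users, addresses and PIDs are made up; message formats are assumed
# and may differ between OpenSSH versions.
SAMPLE_LOG = """\
Mar 25 02:31:07 host sshd[4101]: Connection from 192.0.2.10 port 50112
Mar 25 02:31:07 host sshd[4102]: Connection from 192.0.2.20 port 40022
Mar 25 02:31:08 host sshd[4101]: debug1: matching key found: file /home/alice/.ssh/authorized_keys, line 3
Mar 25 02:31:08 host sshd[4102]: debug1: matching key found: file /home/bob/.ssh/authorized_keys, line 1
Mar 25 02:31:08 host sshd[4102]: Accepted publickey for bob from 192.0.2.20 port 40022 ssh2
Mar 25 02:31:08 host sshd[4101]: Accepted publickey for alice from 192.0.2.10 port 50112 ssh2
Mar 25 02:31:09 host sshd[4101]: debug3: mm_answer_pty: tty /dev/pts/23 ptyfd 4
Mar 25 02:31:09 host sshd[4102]: debug3: mm_answer_pty: tty /dev/pts/24 ptyfd 4
Mar 25 02:31:09 host cron[977]: unrelated line that must be ignored
"""

# Syslog prefix: "Mon DD HH:MM:SS host sshd[PID]: message"
LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(\d+)\]: (.*)$")

# Field names -> pattern whose groups supply those fields.
FIELD_RES = {
    ("key_file", "key_line"): re.compile(r"matching key found: file (\S+), line (\d+)"),
    ("user", "source"): re.compile(r"Accepted publickey for (\S+) from (\S+) port \d+"),
    ("tty",): re.compile(r"mm_answer_pty: tty (\S+) ptyfd \d+"),
}


def sessions_by_pid(log_text):
    """Group sshd lines by PID; extract key file/line, user, source and tty."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd line
        pid, msg = int(m.group(1)), m.group(2)
        session = sessions.setdefault(pid, {"lines": []})
        session["lines"].append(msg)
        for names, pattern in FIELD_RES.items():
            found = pattern.search(msg)
            if found:
                session.update(zip(names, found.groups()))
    return sessions


if __name__ == "__main__":
    for pid, s in sorted(sessions_by_pid(SAMPLE_LOG).items()):
        print(pid, s.get("user"), s.get("source"),
              s.get("key_file"), s.get("key_line"), s.get("tty"))
```

PIDs are reused over time, so run this over a bounded time window of the log rather than the whole file.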



More information about the openssh-unix-dev mailing list