[PATCH] add log= directive to authorized_hosts

Alex Bligh alex at alex.org.uk
Sun Oct 9 01:05:28 EST 2011


Attached is a patch which adds a log= directive to authorized_keys. The text
in the log="text" directive is appended to the log line, so you can easily
tell which key is matched.

For instance the line:

log="hello world!",no-agent-forwarding,command="/bin/true",no-pty,no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7" ssh-rsa AAAAB3Nza....xcgaK9xXoU= alex at example.com

produces a log line output like

Oct  8 11:04:47 test sshd[18469]: Accepted publickey for testuser from 10.11.12.13 port 55580 ssh2 hello world!

A more useful use case might be to put the key's comment in the log=""
line.

This has been tested on 5.3, and compiles on 5.8 and 5.9. The diff
is clean against 5.9.

I have not provided support for log= being incorporated into
the certificate. I can do (though I am not sure how to test it,
I would just copy forcecommand) but was unclear if that would
create a certificate back compatibility issue.

If this patch is useful, I am happy to work on that bit.

-- 
Alex Bligh
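
Added example, not part of the original message or the attached patch: one way to use the appended text on the log-analysis side, mapping each "Accepted publickey" line back to the authorized_keys entry whose log= text it carries. The log format is assumed from the sample line in the message; the function names, key blobs, comments and log lines are constructed for illustration.

```python
import re

# Constructed authorized_keys content modelled on the message's example; key blobs are placeholders.
AUTHORIZED_KEYS = '''\
log="hello world!",no-agent-forwarding,command="/bin/true",no-pty,no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7" ssh-rsa AAAAPLACEHOLDER1 alex@example.com
command="echo ,log=",log="backup key",no-pty ssh-rsa AAAAPLACEHOLDER2 backup@example.com
ssh-rsa AAAAPLACEHOLDER3 untagged@example.com
'''
# Constructed log lines in the format of the sample line in the message.
LOG_LINES = [
    "Oct  8 11:04:47 test sshd[18469]: Accepted publickey for testuser from 10.11.12.13 port 55580 ssh2 hello world!",
    "Oct  8 11:05:02 test sshd[18470]: Accepted publickey for testuser from 10.11.12.13 port 55581 ssh2",
    "Oct  8 11:06:10 test sshd[18471]: Accepted publickey for testuser from 10.11.12.14 port 55590 ssh2 retired key",
]

# Optional options field (quoted values may hold spaces and commas), key type, blob, comment.
KEY_LINE = re.compile(r'^(?:(?P<opts>(?:[^\s"]|"(?:[^"\\]|\\.)*")+)\s+)?'
                      r'(?P<type>(?:ssh|ecdsa)-\S+)\s+(?P<blob>\S+)(?:\s+(?P<comment>.*))?$')
# One option at a time, so "log=" inside another option's quoted value is not mistaken for the directive.
OPTION = re.compile(r'([^\s",=]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|$)')
ACCEPTED = re.compile(r'sshd\[\d+\]: Accepted publickey for (\S+) from (\S+) port \d+ ssh2(?: (.*))?$')

def key_tags(text):
    """Map each log= text to the comment of the key line that carries it."""
    tags = {}
    for line in text.splitlines():
        m = KEY_LINE.match(line.strip())
        if not m or not m.group('opts'):
            continue
        for name, value in OPTION.findall(m.group('opts')):
            if name == 'log':
                tags[value] = m.group('comment') or ''
    return tags

def attribute(log_lines, tags):
    """Return (user, source, tag, key comment) per accepted-publickey line; None = unknown."""
    rows = []
    for line in log_lines:
        m = ACCEPTED.search(line)
        if m:
            user, source, tag = m.groups()
            rows.append((user, source, tag, tags.get(tag)))
    return rows

if __name__ == "__main__":
    for row in attribute(LOG_LINES, key_tags(AUTHORIZED_KEYS)):
        print(row)
```

The tag is free text taken from authorized_keys, so it attributes a login to a key only as reliably as that file is controlled; rows whose last field is None (no tag, or a tag no current key carries) are the ones to review.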

