[PATCH] add log= directive to authorized_hosts
Alex Bligh
alex at alex.org.uk
Sun Oct 9 01:05:28 EST 2011
Attached is a patch which adds a log= directive to authorized_keys. The text
in the log="text" directive is appended to the log line, so you can easily
tell which key is matched.
For instance the line:
log="hello world!",no-agent-forwarding,command="/bin/true",no-pty,
no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7"
ssh-rsa AAAAB3Nza....xcgaK9xXoU= alex at example.com
produces a log line output like
Oct 8 11:04:47 test sshd[18469]: Accepted publickey for testuser from
10.11.12.13 port 55580 ssh2 hello world!
A more useful use case might be to put the key's comment in the log=""
line.
This has been tested on 5.3, and compiles on 5.8 and 5.9. The diff
is clean against 5.9.
I have not provided support for log= being incorporated into
the certificate. I can do (though I am not sure how to test it,
I would just copy forcecommand) but was unclear if that would
create a certificate back compatibility issue.
If this patch is useful, I am happy to work on that bit.
--
Alex Bligh
More information about the openssh-unix-dev
mailing list