[PATCH] add log= directive to authorized_hosts

Alex Bligh alex at alex.org.uk
Sun Oct 9 01:05:28 EST 2011

Attached is a patch which adds a log= directive to authorized_keys. The text
in the log="text" directive is appended to the log line, so you can easily
tell which key is matched.

For instance the line:

log="hello world!",no-agent-forwarding,command="/bin/true",no-pty,
ssh-rsa AAAAB3Nza....xcgaK9xXoU= alex at example.com

produces a log line output like

Oct  8 11:04:47 test sshd[18469]: Accepted publickey for testuser from port 55580 ssh2 hello world!

A more useful use case might be to put the key's comment in the log=""

This has been tested on 5.3, and compiles on 5.8 and 5.9. The diff
is clean against 5.9.

I have not provided support for log= being incorporated into
the certificate. I can do (though I am not sure how to test it,
I would just copy forcecommand) but was unclear if that would
create a certificate back compatibility issue.

If this patch is useful, I am happy to work on that bit.

Alex Bligh

More information about the openssh-unix-dev mailing list