sshd accepted fingerprint logging

Darren Tucker dtucker at
Wed Oct 2 12:45:27 EST 2013

On Tue, Oct 01, 2013 at 03:38:16PM -0600, Eldon Koyle wrote:
> Currently, LogLevel must be set to VERBOSE to see the fingerprint of an
> accepted key, and the default LogLevel is INFO.  Since this is useful
> security information, I would like to propose that the 'Accepted
> publickey' message be modified to include the fingerprint of the
> accepted key.  Is this a reasonable solution?

It's already in the 6.3 release at the default log level:

Accepted publickey for dtucker from port 43693 ssh2: RSA [fingerprint]

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list