sshd accepted fingerprint logging
Darren Tucker
dtucker at zip.com.au
Wed Oct 2 12:45:27 EST 2013
On Tue, Oct 01, 2013 at 03:38:16PM -0600, Eldon Koyle wrote:
> Currently, LogLevel must be set to VERBOSE to see the fingerprint of an
> accepted key, and the default LogLevel is INFO. Since this is useful
> security information, I would like to propose that the 'Accepted
> publickey' message be modified to include the fingerprint of the
> accepted key. Is this a reasonable solution?
It's already in the 6.3 release at the default log level:
Accepted publickey for dtucker from 127.0.0.1 port 43693 ssh2: RSA [fingerprint]
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
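An added example, not part of the original message or of OpenSSH: a small audit that parses the "Accepted publickey" line in the format quoted above and checks the logged fingerprint against a per-user allow list. The log lines, users, addresses, fingerprints and the `KNOWN_KEYS` table are constructed for illustration; the fingerprint is treated as an opaque token, and only plain-key lines (no certificate fields) are assumed.

```python
import re

# "Accepted publickey" line as quoted in the message. The trailing
# ": <keytype> <fingerprint>" is optional because, per the thread, releases
# before 6.3 only log the fingerprint at LogLevel VERBOSE.
ACCEPTED = re.compile(
    r"Accepted publickey for (?P<user>\S+) from (?P<addr>\S+) "
    r"port (?P<port>\d+) ssh2(?:: (?P<keytype>\S+) (?P<fp>\S+))?\s*$"
)

# Constructed allow list: user -> fingerprints of keys expected to log in.
KNOWN_KEYS = {
    "alice": {"00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff"},
    "bob": {"0f:1e:2d:3c:4b:5a:69:78:87:96:a5:b4:c3:d2:e1:f0"},
}

# Constructed sample auth log lines (not real hosts, users or keys).
SAMPLE_LOG = """\
Oct  2 12:40:01 host sshd[1201]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2: RSA 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff
Oct  2 12:41:17 host sshd[1207]: Accepted publickey for alice from 198.51.100.7 port 41810 ssh2: RSA de:ad:be:ef:00:11:22:33:44:55:66:77:88:99:aa:bb
Oct  2 12:42:30 host sshd[1213]: Accepted publickey for bob from 192.0.2.44 port 38822 ssh2
Oct  2 12:43:02 host sshd[1219]: Accepted password for carol from 192.0.2.45 port 40001 ssh2
"""


def audit(log_text, known=KNOWN_KEYS):
    """Return (user, addr, fingerprint, status) per accepted-publickey line."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue  # not a publickey acceptance (e.g. password login)
        user, addr, fp = m["user"], m["addr"], m["fp"]
        if fp is None:
            status = "no-fingerprint"  # old format: the key cannot be identified
        elif fp in known.get(user, set()):
            status = "known"
        else:
            status = "unknown-key"     # accepted key is not on the allow list
        findings.append((user, addr, fp, status))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

Lines reported as `no-fingerprint` come from a server that does not log the key at its current LogLevel, so those logins cannot be tied to a specific key from the log alone.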