[Bug 1282] Log which key used for authentication
bugzilla-daemon at mindrot.org
Sat Feb 10 02:19:51 EST 2007
http://bugzilla.mindrot.org/show_bug.cgi?id=1282
Summary: Log which key used for authentication
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Keywords: low-hanging-fruit
Severity: security
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: bbeaudoin at peer1.com
In INFO mode, the number of the key in .ssh/authorized_keys isn't
logged (though sshd does log the fact a public key was used for
authentication). The same issue occurs when a valid key is used from
an invalid host (the system logs that a valid key was presented, but
not which one).
The man page states that DEBUG logging level is not recommended for
privacy reasons; there is a real need to audit connections based on the
keys used from which hosts. Could this logging feature be moved from
DEBUG to INFO to alleviate audit concerns without the additional
verbosity?