sshd accepted fingerprint logging
Eldon Koyle
esk-openssh at esk.cs.usu.edu
Wed Oct 2 07:38:16 EST 2013
Currently, LogLevel must be set to VERBOSE to see the fingerprint of an
accepted key, and the default LogLevel is INFO. Since this is useful
security information, I would like to propose that the 'Accepted
publickey' message be modified to include the fingerprint of the
accepted key. Is this a reasonable solution?
Here is an example log snippet with LogLevel VERBOSE:
Oct 1 15:23:24 somehost sshd[18603]: Set /proc/self/oom_score_adj to 0
Oct 1 15:23:24 somehost sshd[18603]: Connection from 192.168.1.2 port 49331
Oct 1 15:23:24 somehost sshd[18603]: Found matching RSA key: 7a:70:db:e4:2a:6f:1f:01:8a:fe:15:97:99:fb:e0:2a
Oct 1 15:23:24 somehost sshd[18603]: Postponed publickey for someuser from 192.168.1.2 port 49331 ssh2 [preauth]
Oct 1 15:23:24 somehost sshd[18603]: Found matching RSA key: 7a:70:db:e4:2a:6f:1f:01:8a:fe:15:97:99:fb:e0:2a
Oct 1 15:23:24 somehost sshd[18603]: Accepted publickey for someuser from 192.168.1.2 port 49331 ssh2
Oct 1 15:23:24 somehost sshd[18603]: pam_unix(sshd:session): session opened for user someuser by (uid=0)
Oct 1 15:23:24 somehost sshd[18603]: User child is on pid 18610
--
Eldon Koyle
--
Men often believe -- or pretend -- that the "Law" is something sacred, or
at least a science -- an unfounded assumption very convenient to governments.
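Added example, not part of the post above: until the 'Accepted publickey' line carries the fingerprint itself, the fingerprint of the key that was actually accepted has to be recovered from the VERBOSE 'Found matching ... key' line logged by the same sshd pid. This script does that correlation; the first session is the snippet quoted above, the second (pid 18650, never accepted) is constructed to show that postponed-but-unaccepted sessions are dropped.

```python
import re

# Constructed sample input: the VERBOSE-level lines from the post, plus a
# second, made-up session (pid 18650) that is postponed but never accepted.
SAMPLE_LOG = """\
Oct 1 15:23:24 somehost sshd[18603]: Connection from 192.168.1.2 port 49331
Oct 1 15:23:24 somehost sshd[18603]: Found matching RSA key: 7a:70:db:e4:2a:6f:1f:01:8a:fe:15:97:99:fb:e0:2a
Oct 1 15:23:24 somehost sshd[18603]: Postponed publickey for someuser from 192.168.1.2 port 49331 ssh2 [preauth]
Oct 1 15:23:24 somehost sshd[18603]: Found matching RSA key: 7a:70:db:e4:2a:6f:1f:01:8a:fe:15:97:99:fb:e0:2a
Oct 1 15:23:24 somehost sshd[18603]: Accepted publickey for someuser from 192.168.1.2 port 49331 ssh2
Oct 1 15:23:24 somehost sshd[18603]: User child is on pid 18610
Oct 1 15:24:01 somehost sshd[18650]: Found matching ECDSA key: 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00
Oct 1 15:24:01 somehost sshd[18650]: Postponed publickey for otheruser from 192.168.1.3 port 50000 ssh2 [preauth]
"""

PID_RE = re.compile(r"sshd\[(\d+)\]: (.*)$")
FOUND_RE = re.compile(r"^Found matching (\S+) key: (\S+)")
ACCEPT_RE = re.compile(r"^Accepted publickey for (\S+) from (\S+) port (\d+)")


def correlate_accepted_keys(log_text):
    """Return one record per 'Accepted publickey' line, attaching the key type
    and fingerprint from the most recent 'Found matching ... key' line logged
    by the same sshd pid. With LogLevel INFO there is no such line, so the
    fingerprint fields come back as None, which is the gap the post describes."""
    last_key = {}  # pid -> (keytype, fingerprint) seen most recently
    accepted = []
    for line in log_text.splitlines():
        m = PID_RE.search(line)
        if not m:
            continue
        pid, msg = m.group(1), m.group(2)
        found = FOUND_RE.match(msg)
        if found:
            last_key[pid] = (found.group(1), found.group(2))
            continue
        acc = ACCEPT_RE.match(msg)
        if acc:
            keytype, fingerprint = last_key.get(pid, (None, None))
            accepted.append({"pid": pid, "user": acc.group(1), "ip": acc.group(2),
                             "port": int(acc.group(3)), "keytype": keytype,
                             "fingerprint": fingerprint})
    return accepted


if __name__ == "__main__":
    for rec in correlate_accepted_keys(SAMPLE_LOG):
        print(rec)
```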