Re: logging the public key

[Maria Iano <maria@xxxxxxxx>]

I turn on debugging in sshd_config and that way the key fingerprints  
are recorded when people log in. I move the logging out of messages  
though because then you get so much. I wish they'd add an option just  
to record the keys without all the other debugging info.

Maria

On Feb 4, 2011, at 2:40 PM, Anthony R Fletcher wrote:

> We are running OpenSSH versions 4.3 and 5.5 on a mixture of CentOS 5,
> Debian and Fedora 14 systems.
>
> Can OpenSSH log which public key, as listed in the authorized keys
> file, was used to log in? If so, how? This would be useful for
> auditing purposes.
>
> I don't see a config option, so I'm currently using a custom command  
> via
>        COMMAND="....." ssh-dss AAAAB3Nza..... key1
>        COMMAND="....." ssh-dss AAAABFFFF..... key2
> to log the key. It would be nice if there was a better way.
> Suggestions?
>
>                        Anthony.