
Re: OpenSSH not logging denied public keys, even with logging set to verbose.
On Fri, 2 Mar 2012, Mike Mestnik <cheako@mikemestnik.net> wrote:
> > I'd like to have OpenSSH log the email address field from a key that was
> > used  for login so I could see something like "ssh key
> > russell@coker.com.au was used to login to account rjc" in my logs.
> >
> From what I know that information (the comment on the key) is not very
> secure, Joe could put Bob as his comment...
> 
> However one could do a look-up on the key from a key-server and get the
> email address that way.  This is assuming that people are using their
> gpg (email) keys for ssh.

As the person who edits ~/.ssh/authorized_keys can put whatever they like in 
that field the value isn't great globally.  But in the scope of the one 
account it matters.  For example if your account was compromised via an ssh 
authentication and you had three public keys listed it would be really 
convenient to know which of the three was used.  While the second hostile 
login couldn't have any useful logging data, if my suggestion was followed the 
first would.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
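The attribution the message above asks for (which of several authorized keys was used for a given login) can be recovered after the fact from the key fingerprint, since current OpenSSH releases (6.8 and later) log "Accepted publickey for ... ssh2: TYPE SHA256:..." on each key-based login. The script below is an added example written for this page, not code from the thread or from OpenSSH: it parses an authorized_keys file, computes the SHA256 fingerprint of each key the same way OpenSSH does, and maps a logged fingerprint back to the entry's comment. The keys and the log line are constructed inline (repeated bytes stand in for real public keys), and the parser assumes authorized_keys options, if present, contain no quoted spaces.

```python
"""Map an sshd 'Accepted publickey' log line back to the authorized_keys entry
(and its comment) by key fingerprint.  Added example; not from the original thread.
Assumes the SHA256 fingerprint log format used by OpenSSH 6.8 and later."""
import base64
import hashlib
import re
import struct

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string' (uint32 big-endian length + payload)."""
    return struct.pack(">I", len(data)) + data


def ed25519_blob(raw_pubkey: bytes) -> bytes:
    """Build the wire blob that appears base64-encoded on an ssh-ed25519 key line."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_pubkey)


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text: str) -> list:
    """Return one dict per key line: type, fingerprint, comment.
    Options such as 'no-pty' may precede the key type; quoted options that
    contain spaces are not handled (simplifying assumption)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        idx = next((i for i, t in enumerate(tokens) if t.startswith(KEY_TYPE_PREFIXES)), None)
        if idx is None or idx + 1 >= len(tokens):
            continue  # malformed line: no key type / key material
        key_type, b64 = tokens[idx], tokens[idx + 1]
        comment = " ".join(tokens[idx + 2:])  # everything after the key is the comment
        blob = base64.b64decode(b64)
        entries.append({"type": key_type, "fingerprint": fingerprint_sha256(blob), "comment": comment})
    return entries


ACCEPTED_RE = re.compile(
    r"Accepted publickey for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+) "
    r"ssh2: (?P<ktype>\S+) (?P<fp>SHA256:\S+)"
)


def attribute_login(log_line: str, entries: list):
    """For an 'Accepted publickey' line, return user, source, fingerprint and the
    matching authorized_keys comment (None if no entry matches); None for other lines."""
    m = ACCEPTED_RE.search(log_line)
    if not m:
        return None
    fp = m.group("fp")
    comment = next((e["comment"] for e in entries if e["fingerprint"] == fp), None)
    return {"user": m.group("user"), "src": m.group("src"), "fingerprint": fp, "comment": comment}


# --- constructed sample data: not real keys, 32 repeated bytes stand in for each public key ---
_RAW = {name: bytes([n]) * 32
        for n, name in enumerate(["russell@coker.com.au", "alice@example.com", "ci-deploy"], start=1)}
AUTHORIZED_KEYS = "\n".join(
    ("no-pty " if comment == "ci-deploy" else "")
    + "ssh-ed25519 " + base64.b64encode(ed25519_blob(raw)).decode() + " " + comment
    for comment, raw in _RAW.items()
)

# Constructed sshd log line in the shape OpenSSH uses for SHA256 fingerprints.
SAMPLE_LOG = (
    "Mar  2 10:15:01 host sshd[1234]: Accepted publickey for rjc from 192.0.2.10 port 50000 ssh2: "
    "ED25519 " + fingerprint_sha256(ed25519_blob(_RAW["alice@example.com"]))
)

if __name__ == "__main__":
    print(attribute_login(SAMPLE_LOG, parse_authorized_keys(AUTHORIZED_KEYS)))
```

Run against a real host, the same approach reads the account's authorized_keys and the sshd log; the fingerprint, unlike the comment, is bound to the key material, so an attacker who plants a key cannot make its logged identity collide with an existing entry, although they can of course write any comment they like, which is the caveat the thread raises.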
