Re: OpenSSH not logging denied public keys, even with logging set to verbose.
On Fri, 2 Mar 2012, Mike Mestnik <cheako@mikemestnik.net> wrote:
> > I'd like to have OpenSSH log the email address field from a key that was
> > used for login so I could see something like "ssh key
> > russell@coker.com.au was used to login to account rjc" in my logs.
> >
> From what I know that information (the comment on the key) is not very
> secure, Joe could put Bob as his comment...
>
> However one could do a look-up on the key from a key-server and get the
> email address that way. This is assuming that people are using their
> gpg (email) keys for ssh.
As the person who edits ~/.ssh/authorized_keys can put whatever they like in
that field, the value isn't great globally. But in the scope of the one
account it matters. For example, if your account was compromised via an ssh
authentication and you had three public keys listed, it would be really
convenient to know which of the three was used. While the second hostile
login couldn't have any useful logging data if my suggestion were followed, the
first would.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
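An added example, not part of either mail in this thread: current OpenSSH versions write the SHA256 fingerprint of the accepted key into the "Accepted publickey" log line, so the per-account comment Russell asks for can be recovered by fingerprinting each entry of authorized_keys and joining on that value. The keys, hosts and log lines below are constructed stand-ins (the key blobs have the ssh-ed25519 wire layout but are not real keys), and the rsync-restricted entry shows how an options prefix is skipped.

```python
import base64
import hashlib
import re
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def fingerprint(key_b64: str) -> str:
    """Fingerprint a base64 key blob the way sshd logs it: SHA256: plus unpadded base64."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_authorized_keys(text: str) -> dict:
    """Map fingerprint -> comment; skips blank/# lines and tolerates an options prefix."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        # The key-type token starts with ssh-/ecdsa-/sk-; any options come before it.
        idx = next((i for i, t in enumerate(parts) if t.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None or idx + 1 >= len(parts):
            continue
        table[fingerprint(parts[idx + 1])] = " ".join(parts[idx + 2:]) or "(no comment)"
    return table
# Shape of the line sshd writes for a successful public-key login.
ACCEPTED_RE = re.compile(r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (SHA256:[A-Za-z0-9+/]+)")

def attribute_logins(log_text: str, keys_by_fp: dict) -> list:
    """(user, source, comment) per accepted login; fingerprints not in the file are flagged."""
    hits = []
    for line in log_text.splitlines():
        m = ACCEPTED_RE.search(line)
        if m:
            user, src, fp = m.groups()
            hits.append((user, src, keys_by_fp.get(fp, "UNKNOWN KEY")))
    return hits

def fake_ed25519(seed: int) -> str:
    """Constructed stand-in with the ssh-ed25519 wire layout; not a real key."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes([seed]) * 32)
    return base64.b64encode(blob).decode()

# Constructed sample authorized_keys and auth.log content (hosts and keys are not real).
AUTHORIZED_KEYS = (f"ssh-ed25519 {fake_ed25519(1)} russell@coker.com.au\n"
                   f'command="/usr/bin/rsync --server" ssh-ed25519 {fake_ed25519(2)} backup-host\n')
KEYS = load_authorized_keys(AUTHORIZED_KEYS)
SAMPLE_LOG = (f"sshd[4242]: Accepted publickey for rjc from 203.0.113.7 port 40122 ssh2: ED25519 {fingerprint(fake_ed25519(1))}\n"
              f"sshd[4243]: Accepted publickey for rjc from 198.51.100.9 port 40123 ssh2: ED25519 SHA256:{'A' * 43}\n")
```

Run against the real files (`/etc/ssh/authorized_keys` for the account and `/var/log/auth.log` or `journalctl -u ssh`) the same join tells you which of several listed keys performed a given login, and flags logins whose fingerprint matches no current entry.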