Hi all,

Attached is a patch for a feature to print the full public key of all key-based login attempts when the debug level is set to 1 or above. It was written in the course of debugging/forensic analysis. Looking for comments on merge-worthiness.

The enhancement ticket can be seen here: https://bugzilla.mindrot.org/show_bug.cgi?id=2939
GitHub pull request here: https://github.com/openssh/openssh-portable/pull/112 (made before I realized they're not the preferred method of contribution)

Andrew
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 2fb5950..82cce57 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -122,6 +122,17 @@ userauth_pubkey(struct ssh *ssh) "(received %d, expected %d)", __func__, key->type, pktype); goto done; } + if (log_level_get() >= SYSLOG_LEVEL_DEBUG1) { + if ((b = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshkey_format_text(key, b)) != 0) + fatal("%s: sshkey_format_text failed: %s", __func__, + ssh_err(r)); + debug("%s: public key of %s: %s", __func__, authctxt->user, + sshbuf_ptr(b)); + sshbuf_free(b); + b = NULL; + } if (sshkey_type_plain(key->type) == KEY_RSA && (ssh->compat & SSH_BUG_RSASIGMD5) != 0) { logit("Refusing RSA key because client uses unsafe "
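Review bot: calling fatal() when sshkey_format_text() fails (the second check inside the new `if (log_level_get() >= SYSLOG_LEVEL_DEBUG1)` block) turns a failure to render a purely informational debug line into an abort of the sshd authentication process, and only when debug logging happens to be enabled; the sshbuf_new() failure is a legitimate fatal, but for the formatting error prefer `error("%s: sshkey_format_text failed: %s", __func__, ssh_err(r));`, free `b`, and skip the debug() call so the existing checks and `goto done` paths below run unchanged. Two smaller points: the block reuses `b` and `r` without declaring them, so it depends on those locals already existing in userauth_pubkey(), which the six lines of context shown here do not confirm; and `sshbuf_ptr(b)` is handed to a `%s` conversion, which relies on the buffer contents being NUL-terminated, so either terminate it explicitly or copy the text out with a string-returning helper such as sshbuf_dup_string() (and free that copy) before passing it to debug().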
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev