[PATCH] Log source of keys when using AuthorizedKeysCommand

This is my first patch to openssh and I hope that I've approached
this well.

When using the AuthorizedKeysCommand the ssh daemon does not log the
source (local disk or AuthorizedKeysCommand) for the accepted key.
This patch adds a LOG_INFO level message when a key is matched from
the command so that users auditing their systems will know how the
key was injected.

Regards,
Robert Jennings

---
 auth2-pubkey.c |    3 +++
 1 file changed, 3 insertions(+)

Index: b/auth2-pubkey.c
===================================================================
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -975,6 +975,9 @@ user_key_command_allowed2(struct ssh *ss
 
 	/* Read completed successfully */
 	found_key = ok;
+	if (ok)
+		logit("%s: Key for %s found via AuthorizedKeysCommand: %s",
+		    __func__, user_pw->pw_name, format_key(key));
  out:
 	if (f != NULL)
 		fclose(f);
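Review bot: the string returned by format_key(key) in the new logit() call is passed straight in as an argument and never stored, so if format_key returns a heap-allocated buffer it is leaked on every successful match; assign it to a local, log it, then free it. The `__func__` prefix also reads like debug output rather than an info-level audit line that administrators will search for, and the condition could be `if (found_key)` to follow the assignment on the line above it.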
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


