I turn on debugging in sshd_config and that way the key fingerprints
are recorded when people log in. I move the logging out of messages
though because then you get so much. I wish they'd add an option just
to record the keys without all the other debugging info.
Maria

On Feb 4, 2011, at 2:40 PM, Anthony R Fletcher wrote:
We are running OpenSSH versions 4.3 and 5.5 on a mixture of CentOS 5,
Debian and Fedora 14 systems.
Can OpenSSH log which public key, as listed in the authorized keys
file, was used to log in? If so, how? This would be useful for
auditing purposes.
I don't see a config option, so I'm currently using a custom command via

COMMAND="....." ssh-dss AAAAB3Nza..... key1
COMMAND="....." ssh-dss AAAABFFFF..... key2

to log the key. It would be nice if there was a better way.
Suggestions?
Anthony.
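
Added example, not part of either message: a small Python audit script that joins the fingerprint sshd logs at a verbose/debug LogLevel to the "Accepted publickey" line from the same sshd process, so each login can be tied to a key. The "Found matching ... key:" and "Accepted publickey" wording is an assumption about sshd output of that era; the hosts, users, addresses, fingerprints and the fingerprint-to-label map are constructed, with the label key1 borrowed from the key comments above.

```python
import re

# Constructed sample. The sshd message wording is an assumption based on
# OpenSSH releases of that era; adjust the patterns to your own logs.
SAMPLE_LOG = """\
Feb  4 14:41:02 host1 sshd[2101]: Found matching DSA key: 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00
Feb  4 14:41:02 host1 sshd[2101]: Found matching DSA key: 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00
Feb  4 14:41:02 host1 sshd[2101]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
Feb  4 14:42:10 host1 sshd[2150]: Accepted password for bob from 192.0.2.11 port 50200 ssh2
Feb  4 14:43:30 host2 sshd[2101]: Found matching RSA key: a0:a1:a2:a3:a4:a5:a6:a7:a8:a9:aa:ab:ac:ad:ae:af
Feb  4 14:43:31 host2 sshd[2101]: Accepted publickey for carol from 192.0.2.12 port 50311 ssh2
Feb  4 14:44:00 host1 sshd[2300]: Accepted publickey for dave from 192.0.2.13 port 50400 ssh2
"""

# Constructed fingerprint-to-label map; the label reuses the key comment key1.
KNOWN_KEYS = {"11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00": "key1"}

PROC = r"(?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
FOUND = re.compile(PROC + r"Found matching (?P<type>\S+) key: (?P<fp>[0-9a-f:]+)")
ACCEPT = re.compile(PROC + r"Accepted publickey for (?P<user>\S+) from (?P<ip>\S+) port")

def logins_with_keys(lines, known_keys=KNOWN_KEYS):
    """Join each accepted public-key login to the fingerprint that the same
    sshd process (host + PID) logged just before it."""
    pending = {}   # (host, pid) -> (key type, fingerprint)
    logins = []
    for line in lines:
        m = FOUND.search(line)
        if m:
            # sshd may log the match more than once per login; the last one wins.
            pending[(m["host"], m["pid"])] = (m["type"], m["fp"])
            continue
        m = ACCEPT.search(line)
        if m:
            # pop() so a recycled PID cannot inherit an old fingerprint.
            ktype, fp = pending.pop((m["host"], m["pid"]), (None, None))
            logins.append({"host": m["host"], "user": m["user"], "ip": m["ip"],
                           "type": ktype, "fingerprint": fp,
                           "label": known_keys.get(fp, "UNKNOWN")})
    return logins

if __name__ == "__main__":
    for login in logins_with_keys(SAMPLE_LOG.splitlines()):
        print(login)
```

A login reported with no fingerprint, or with the label UNKNOWN, is the case worth reviewing: either the fingerprint line was not logged on that host or the key is not in the inventory.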