get ssh key comment

lyynxxx · March 5, 2012, 5:12am

Hey Guys,

I have a server, and a technical user on it (only for reading logs). I set up openssh, and the user can login only with ssh key pair.
Under this one technical user, there are a lots of public keys in the ~/.ssh/authorized_keys file. I would like to find out/log with which key the user authenticated.

I have start to create a bash script, what starts right after the login, reads the security log for the key fingerprint and saves it to a variable, reads the authorized_keys file line by line and generates the fingerprints then comapres the fingerprints and after the match, logger sends the comment from the public key to the logs...

"My bash" is not so good, so I wonder if there is any other simple or elegant solution for this? Any help would be great. Thanks.
Peter.-

Corona688 · March 5, 2012, 11:18am

Unfortunately I can't fiddle with my own SSH server here without losing contact so I can't give details but I see some pitfalls in that approach.

Putting the key in a log available to anyone sounds dangerous. If just the line number would be possible, that may be sufficient.

fpmurphy · March 5, 2012, 11:25am

A better approach might be to set the appropriate sshd logging level and parse the resulting sshd logfile for that information.

What OS and distribution are you on?

lyynxxx · March 5, 2012, 11:56am

I set the loglevel to debug, but unfortunately the logs do not conatains the informations I need. I see only the tty number/PID/key fingerpring.
The OS is RHEL5 x64