Home / server / Questions / 1160582
Accepted
F. Hauri - Give Up GitHub
Asked: 2024-06-07 23:36:22 +0800 CST

Which key was used to open my user account

  • 772

This is question is an upgrade attempt of Find out which ssh key was used to access an account -- Some scripts for proper installation

Where I

  • use rsyslog to generate separated log file, readable by group user,
  • modify .bashrc for adding a $SSH_USER_KEY in user environment.

Unfortunately on systems using systemd and journalctl I have to manually install rsyslog which are no more installed by default.

So yes, if I install rsyslog package, I could resolve my problem, my scripts will run again but,

I wonder if there could exist some more appropriated (systemd) way for permitting user to see the hash of key used for the last connection.

linux

1 Answers

  1. Best Answer

    Enable the "ExposeAuthInfo" option in your sshd configuration

    /etc/ssh/sshd_config
    
ExposeAuthInfo yes

    The user will then get an $SSH_USER_AUTH environment variable, which points to a file containing the public key (or Kerberos principal name, or whatever else) that was used for authentication.

    % cat $SSH_USER_AUTH
gssapi-with-mic [email protected]

    % cat $SSH_USER_AUTH
publickey ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4k/zikGJLxSTxck...

    This option is new in OpenSSH 7.6 (2017). If you're running an older version – install rsyslog.

    (Although in this situation, anything rsyslog does could also be achieved with a systemd .service that runs ExecStart=journalctl -u sshd -f | grep public > /var/log/pubkeys.)

    • 3