Home / server / Questions / 302007
Accepted
MihaiM
Asked: 2011-08-18 03:33:04 +0800 CST

Get name of public key used to connect

  • 772

I created a shell script that asks the connected user a question and after that it give him the prompt. The shell posts the question to a database for logging. The problem is that our developers are using a shared account, but each user has it's private key. Is there any way to read with the shell script (bash) what public key the connected user has?

linux bash ssh public-key

2 Answers

  1. Best Answer

    There was a similar cuestion on Unix&Linux SE. With this in mind, you could grep the latest entry in your logs for the connecting IP:

    REMOTE_IP=${SSH_CONNECTION%% *}
grep -B1 ${REMOTE_IP} /var/log/auth.log

    Supposing you are using debian, sshd logs go to auth.log. If using an RH like distro they would be in secure.log.

    • 1

  2. You could raise the sshd logging level to VERBOSE by setting the LogLevel directive in /etc/ssh/sshd_config

    LogLevel DEBUG

    this causes sshd to log the following for each connection

    Aug 17 12:16:20 centos sshd[9587]: Connection from 192.168.254.200 port 58107
Aug 17 12:16:20 centos sshd[9587]: Found matching RSA key: 54:d2:06:cf:85:ac:89:f6:3c:a8:73:c7:a1:30:c2:8b
Aug 17 12:16:20 centos sshd[9588]: Postponed publickey for user from 192.168.254.200 port 58107 ssh2
Aug 17 12:16:20 centos sshd[9587]: Found matching RSA key: 54:d2:06:cf:85:ac:89:f6:3c:a8:73:c7:a1:30:c2:8b
Aug 17 12:16:20 centos sshd[9587]: Accepted publickey for user from 192.168.254.200 port 58107 ssh2
Aug 17 12:16:20 centos sshd[9587]: pam_unix(sshd:session): session opened for user user by (uid=0)

    The environment variable SSH_CONNECTION contains information oh the current connection

    192.168.254.200   58107          192.168.254.89   22 
<sourece IP>      <source port>  <destination IP> <destination port>

    With a little bit of scripting it should be possible to pull the two together.

    • 0