John Summerfield wrote:
I put my public key into .ssh/authorized_keys in all users' accounts on all hosts I need to access.
Hmmm...if you're going to update all users' authorized_keys files anyway, maybe you'd want to consider including something like:

    AuthorizedKeysFile /var/ssh_authorized_keys/%u

in your sshd_config file, to keep them all in one place. Then you could allow/prevent users from updating their own authorized_keys. Or even put all authorized keys for all users in one file (replace the "%u" with a static file name).
Note that there is no logging of _who_ logs in to those accounts; if [EMAIL PROTECTED] had your public key and mine, there'd be nothing to say which is used on any particular occasion.
If you wanted to go to the trouble, and [EMAIL PROTECTED] was trustworthy, you could put something like:

    command="printf '%s\t%s\n' $(date +%Y%m%d%H%M%S) usera >> /var/ssh/root_access; bash -c \"$SSH_ORIGINAL_COMMAND\"" <etc>

in his authorized_keys file, with "usera" unique to each public key indicating whose key was used (but not who used the key).

--
Carnegie Institution - At the Frontiers of Science
Larry Ploetz
Systems Administrator
Carnegie Institution of Washington
Department of Plant Biology, TAIR
650 325 1521 x 296
[EMAIL PROTECTED]
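An added example, not part of the original message: the per-key logging idea above written as a forced-command wrapper script instead of an inline command= string, so that interactive logins still get a shell and a client-supplied command cannot forge extra log lines. The install path /usr/local/sbin/ssh-key-audit, the extra log fields and the AUDIT_LOG override are assumptions; the log file and the "usera" label are the ones used in the message.

```shell
#!/bin/sh
# Added example (hypothetical script name and path). Referenced per key as:
#   command="/usr/local/sbin/ssh-key-audit usera" <key type> <key> <comment>
# "usera" labels the key, so the log shows whose key was used.

AUDIT_LOG="${AUDIT_LOG:-/var/ssh/root_access}"

# log_key_use LABEL: append one tab-separated record per use of the key:
# timestamp, key label, client address, requested command.
log_key_use() {
    label=$1
    # sshd sets SSH_CONNECTION="client_ip client_port server_ip server_port"
    client=${SSH_CONNECTION%% *}
    # The command text is chosen by the client: strip control characters
    # (tabs, newlines) so it cannot inject fake fields or extra records.
    cmd=$(printf '%s' "${SSH_ORIGINAL_COMMAND:-<interactive>}" | tr -d '\000-\037')
    printf '%s\t%s\t%s\t%s\n' "$(date +%Y%m%d%H%M%S)" "$label" \
        "${client:-unknown}" "$cmd" >> "$AUDIT_LOG"
}

# run_session: hand over to what the client asked for. The command is passed
# as ONE quoted string so bash parses it exactly once.
run_session() {
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        exec bash -c "$SSH_ORIGINAL_COMMAND"
    else
        exec bash -l    # no command requested: interactive login shell
    fi
}

key_audit_main() {
    if [ $# -ne 1 ]; then
        echo "usage: ssh-key-audit KEY_LABEL" >&2
        return 64
    fi
    # Fail closed: if the record cannot be written, do not start the session.
    log_key_use "$1" || return 1
    run_session
}

# Only act when started by sshd for an SSH session.
if [ -n "${SSH_CONNECTION:-}" ]; then
    key_audit_main "$@"
fi
```

As the message says, the label identifies the key, not the person holding it. The record is only as trustworthy as the account: one that can rewrite its own authorized_keys entry or the log file can remove the wrapper or its output.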
