On 6/4/07, Darren Tucker <[EMAIL PROTECTED]> wrote:
Flavio Junior wrote: > Hi folks, good morning/afternoon/evening ;) > > I'll try explain my doubt, but sorry for my english.. > > Can someone tell me if has a way to do SSHD log shows me "which" key > has been accepted when logged as root ? > > Example: > "May 31 15:15:17 lazlo sshd[12583]: Accepted publickey for root from > 192.168.4.192 port 1835 ssh2" > > But ... which key has been accepted ? how can i audit something like > it, if i have more than a single key on authorized_keys for rootSet "LogLevel verbose" in sshd_config and you'll get the key fingerprint logged in syslog too ("Found matching RSA key: XX:XX..")
Hm... This is, at least, an improvenment :) But, how can i do to discover from which key is some fingerprint ? Thanks again ;) Flavio do Carmo Junior
