Flavio Junior wrote:
Hi folks, good morning/afternoon/evening ;)
I'll try explain my doubt, but sorry for my english..
Can someone tell me if has a way to do SSHD log shows me "which" key
has been accepted when logged as root ?
Example:
"May 31 15:15:17 lazlo sshd[12583]: Accepted publickey for root from
192.168.4.192 port 1835 ssh2"
But ... which key has been accepted ? how can i audit something like
it, if i have more than a single key on authorized_keys for root
Set "LogLevel verbose" in sshd_config and you'll get the key fingerprint
logged in syslog too ("Found matching RSA key: XX:XX..")
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
