hi, you could be a little bit more verbose :-) or at leastr your ssh comand :-)
ssh -v -v [EMAIL PROTECTED] will give you the fingerprint of the used key then a ssh-add -l will give you the fingerprint and the name of the available keys On Fri, 2007-06-01 at 14:28 -0300, Flavio Junior wrote: > Hi folks, good morning/afternoon/evening ;) > > I'll try explain my doubt, but sorry for my english.. > > Can someone tell me if has a way to do SSHD log shows me "which" key > has been accepted when logged as root ? > > Example: > "May 31 15:15:17 lazlo sshd[12583]: Accepted publickey for root from > 192.168.4.192 port 1835 ssh2" > > But ... which key has been accepted ? how can i audit something like > it, if i have more than a single key on authorized_keys for root > > > More info about one of my boxes: > > lazlo:~# cat /etc/debian_version > 4.0 > lazlo:~# uname -a > Linux lazlo 2.6.18-4-amd64 #1 SMP Mon Mar 26 11:36:53 CEST 2007 x86_64 > GNU/Linux > lazlo:~# dpkg -l | grep ssh > ii openssh-client 4.3p2-9 > Secure shell client, an rlogin/rsh/rcp repla > ii openssh-server 4.3p2-9 > Secure shell server, an rshd replacement > lazlo:~# telnet localhost 22 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > SSH-2.0-OpenSSH_4.3p2 Debian-9 > > Connection closed by foreign host. > lazlo:~# grep -Ev '^$|^#' /etc/ssh/sshd_config > Port 22 > Protocol 2 > HostKey /etc/ssh/ssh_host_rsa_key > HostKey /etc/ssh/ssh_host_dsa_key > UsePrivilegeSeparation yes > KeyRegenerationInterval 3600 > ServerKeyBits 768 > SyslogFacility AUTH > LogLevel INFO > LoginGraceTime 120 > PermitRootLogin without-password > StrictModes yes > RSAAuthentication yes > PubkeyAuthentication yes > IgnoreRhosts yes > RhostsRSAAuthentication no > HostbasedAuthentication no > PermitEmptyPasswords no > ChallengeResponseAuthentication no > X11Forwarding yes > X11DisplayOffset 10 > PrintMotd no > PrintLastLog yes > TCPKeepAlive yes > AcceptEnv LANG LC_* > Subsystem sftp /usr/lib/openssh/sftp-server > UsePAM yes > lazlo:~# > > > Best regards, > > > Flávio do Carmo Junior
