One account with multiple keys -- which one was used?
- From: Wayne Betts <wbetts@xxxxxxx>
- Date: Mon, 11 Sep 2006 14:14:16 -0400
If I have an account (e.g. operator) with multiple public keys in the
~operator/.ssh/authorized_keys{,2} file, can I determine which key was
used by a given login, which is to say, can I determine who is logging
in as operator when using keys? I was hoping, for instance, that the
comment field in an rsa1 key could be recorded somewhere (such as
/var/log/messages) for each login each time a key is used - then I could
say Jack logged in as operator rather than Jill for instance.

A list moderator has already rejected this same basic question, because
I used the "root" account as an example rather than the "operator"
account, and the moderator's response was that "standard practice is to
never allow remote root logins" [and instead use distinct accounts and
su to generate audit trail]. Yes, that can generate the basis for the
necessary audit trail, but for the specific situation I have at hand, it
is not as convenient as having one account (root or otherwise) with
multiple keys, so I'm asking again:

Is there a way to distinguish which key was used to log in to an account
with multiple permitted keys?

- Wayne
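
An added example, not part of the original post: on an sshd that writes the key fingerprint in its "Accepted publickey" log line, as current OpenSSH releases do, one way to attribute a shared-account login is to fingerprint every authorized_keys entry and join on that value. The log line format, the stand-in key blobs and the sample log lines are assumptions constructed for illustration, not data from this thread.

```python
import base64, hashlib, re

# Assumed log format: "... Accepted publickey for USER from ADDR port N ssh2: TYPE SHA256:..."
ACCEPTED = re.compile(r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (SHA256:\S+)")

def fingerprint(blob):
    """SHA256 fingerprint in OpenSSH's text form (unpadded base64)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_key_line(line):
    """Return (fingerprint, comment) for one authorized_keys line, else None."""
    fields = line.split()
    for i in range(len(fields) - 1):  # leading fields may be options
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        n = int.from_bytes(blob[:4], "big")
        if blob[4:4 + n] == fields[i].encode():  # the blob names its own key type
            return fingerprint(blob), " ".join(fields[i + 2:]) or "(no comment)"
    return None

def load_keys(text):
    lines = (l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#"))
    return dict(p for p in map(parse_key_line, lines) if p)

def attribute_logins(log_text, keys):
    """List (account, source address, key comment) for each public-key login."""
    return [(m[1], m[2], keys.get(m[3], "UNKNOWN KEY")) for m in ACCEPTED.finditer(log_text)]

# --- constructed sample data: stand-in blobs, not real keys ---
def sample_blob(ktype, filler):
    return len(ktype).to_bytes(4, "big") + ktype.encode() + filler
JACK = sample_blob("ssh-rsa", b"\x01" * 32)
JILL = sample_blob("ssh-ed25519", b"\x02" * 32)
GONE = sample_blob("ssh-rsa", b"\x03" * 32)  # deliberately absent from authorized_keys
SAMPLE_KEYS = (
    "# ~operator/.ssh/authorized_keys\n"
    f"ssh-rsa {base64.b64encode(JACK).decode()} jack@workstation\n"
    f'from="192.0.2.*",no-pty ssh-ed25519 {base64.b64encode(JILL).decode()} jill@laptop\n'
)
SAMPLE_LOG = "".join(
    f"Sep 11 14:1{i}:00 host sshd[{4000 + i}]: Accepted publickey for operator "
    f"from 192.0.2.{10 + i} port 5000{i} ssh2: {t} {fingerprint(b)}\n"
    for i, (t, b) in enumerate([("RSA", JACK), ("ED25519", JILL), ("RSA", GONE)])
)

if __name__ == "__main__":
    for row in attribute_logins(SAMPLE_LOG, load_keys(SAMPLE_KEYS)):
        print(*row)
```

The comment is free text in a file the account can edit, so it identifies a key holder only as far as write access to authorized_keys is controlled.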