Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 11 Oct 2002 15:12:38 -0700 (PDT)
From:      Jason Stone <jason-fbsd-security@shalott.net>
To:        Nicholas Esborn <nick@netdot.net>
Cc:        <freebsd-security@freebsd.org>
Subject:   Re: Possible to get publickey fingerprint in sshd log messages?
Message-ID:  <20021011150528.W98319-100000@walter>
In-Reply-To: <20021011192131.GB18130@carbon.berkeley.netdot.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> Is there any possibility to identify which public key was accepted in
> sshd's syslog messages?  Right now, it spits out something like:

Yes - as of... 3.4? you can get key fingerprints by setting the loglevel
to verbose.  I reccommend using a separate logfile for sshd in that case,
as the logs will get very long and noisy (depending on the size of your
user base, of course).

I add this to my syslog.conf:

local7.* /var/log/sshd.log

and this to my sshd_config:

SyslogFacility LOCAL7
LogLevel VERBOSE


I then get output like this in sshd.log:

Oct 11 15:06:36 iphigenia sshd[715]: Found matching DSA key: c2:2a:a3:de:a4:42:19:a7:d0:45:9a:55:e8:0f:bc:d5
Oct 11 15:06:36 iphigenia sshd[715]: Accepted publickey for root from ::1 port 1358 ssh2
Oct 11 15:06:54 iphigenia sshd[715]: Connection closed by remote host.
Oct 11 15:06:54 iphigenia sshd[715]: Closing connection to ::1
Oct 11 15:06:56 iphigenia sshd[722]: Connection from ::1 port 1359
Oct 11 15:06:58 iphigenia sshd[722]: Found matching RSA1 key: a9:3b:46:de:a4:42:19:a7:d0:45:9a:55:e8:0f:ad:9f
Oct 11 15:06:58 iphigenia sshd[722]: Accepted rsa for root from ::1 port 1359


 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet.  Here's what I worry about.  I worry
 that 10 or 15 years from now, she will come to me and say "Daddy, where
 were you when they took freedom of the press away from the Internet?"
	-- Mike Godwin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE9p0zWswXMWWtptckRAtO/AJ0d4MAa6jGznNB1XUTptYNlff5T5QCgux2U
9PeLIVxksDtrYMfuXsJ0hdI=
=bB9D
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021011150528.W98319-100000>