From owner-freebsd-security Fri Oct 11 15:12:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8160137B404 for ; Fri, 11 Oct 2002 15:12:42 -0700 (PDT) Received: from walter.dfmm.org (walter.dfmm.org [209.151.233.240]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F76943E88 for ; Fri, 11 Oct 2002 15:12:42 -0700 (PDT) (envelope-from jason@shalott.net) Received: (qmail 53604 invoked by uid 1000); 11 Oct 2002 22:12:38 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 11 Oct 2002 22:12:38 -0000 Date: Fri, 11 Oct 2002 15:12:38 -0700 (PDT) From: Jason Stone X-X-Sender: To: Nicholas Esborn Cc: Subject: Re: Possible to get publickey fingerprint in sshd log messages? In-Reply-To: <20021011192131.GB18130@carbon.berkeley.netdot.net> Message-ID: <20021011150528.W98319-100000@walter> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Is there any possibility to identify which public key was accepted in > sshd's syslog messages? Right now, it spits out something like: Yes - as of... 3.4? you can get key fingerprints by setting the loglevel to verbose. I reccommend using a separate logfile for sshd in that case, as the logs will get very long and noisy (depending on the size of your user base, of course). I add this to my syslog.conf: local7.* /var/log/sshd.log and this to my sshd_config: SyslogFacility LOCAL7 LogLevel VERBOSE I then get output like this in sshd.log: Oct 11 15:06:36 iphigenia sshd[715]: Found matching DSA key: c2:2a:a3:de:a4:42:19:a7:d0:45:9a:55:e8:0f:bc:d5 Oct 11 15:06:36 iphigenia sshd[715]: Accepted publickey for root from ::1 port 1358 ssh2 Oct 11 15:06:54 iphigenia sshd[715]: Connection closed by remote host. Oct 11 15:06:54 iphigenia sshd[715]: Closing connection to ::1 Oct 11 15:06:56 iphigenia sshd[722]: Connection from ::1 port 1359 Oct 11 15:06:58 iphigenia sshd[722]: Found matching RSA1 key: a9:3b:46:de:a4:42:19:a7:d0:45:9a:55:e8:0f:ad:9f Oct 11 15:06:58 iphigenia sshd[722]: Accepted rsa for root from ::1 port 1359 -Jason ----------------------------------------------------------------------- I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?" -- Mike Godwin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE9p0zWswXMWWtptckRAtO/AJ0d4MAa6jGznNB1XUTptYNlff5T5QCgux2U 9PeLIVxksDtrYMfuXsJ0hdI= =bB9D -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message