Can I find out which ssh key was used to access an account?
Is it possible to find out which ssh key was used to access an account? I have an account on a server that I let several (trusted!) people have access to via ssh. I’d find it useful to be able to know who logged in and when. I have root access so I can look at the logs, but there doesn’t seem to be anything there. Is there some configuration switch that will put some way of identifying the key in the logs?
It would be amazingly useful to be able to find out which key was used to authorize the current session — in my case, for access control on a Mercurial repository accessed through a shared login. All the existing techniques involve threading the identity through a command option, which is a bit clunky.
In case someone wants to detect the currently used ssh key from within the current ssh session you may have a look at my answer to a similar question on serverfault. I post this as a comment here because it’s not the same question, just highly related.
7 Answers 7
If you go into the sshd config file (usually /etc/ssh/sshd_config ) and change the LogLevel directive to VERBOSE:
. you can see something like this in the logs:
Jun 24 22:43:42 localhost sshd[29779]: Found matching RSA key: d8:d5:f3:5a:7e:27:42:91:e6:a5:e6:9e:f9:fd:d3:ce
Jun 24 22:43:42 localhost sshd[29779]: Accepted publickey for caleb from 127.0.0.1 port 59630 ssh2
LogLevel Gives the verbosity level that is used when logging messages from sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO, VER- BOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level vio- lates the privacy of users and is not recommended. For printing fingerprint of current session: sed -ne «/sshd.$PPID. *matching DSA key/» /var/log/auth.log
@F.Hauri, Unless I’m missing something, wouldn’t that return the wrong thing if a PID is reused for a second SSH session? It looks like it will always return the earliest fingerprint for the given PID in auth.log rather than the latest.
This will only list the fingerprint. If you want to get fingerprint, you can run ssh-keygen -E md5 -lf /root/.ssh/authorized_keys .
Somewhat similar to @user37161’s answer. If the shared account is running a custom shell and the shell needs to know what user is there, then running the «wrapper» script might not be sufficient, since information there isn’t passed into the custom shell except through methods that could cause race conditions.
Instead you can use the environment= option in authorized_keys file to set an environment variable, which the custom shell can then read.
Inside your .ssh/authorized_keys file, prepend each line with an environment variable set, like the following:
environment="REMOTEUSER=jrhacker" ssh-rsa . environment="REMOTEUSER=jbloggs" ssh-rsa . Then the custom shell, or any of the various rc scripts, can read the $REMOTEUSER variable and take the appropriate action.
However, note that if you’re using a standard shell, then the logged-in user is capable of modifying the file to thwart various things. Also, there is some risks in allowing users to set environment variables such as LDPRELOAD . See the sshd_config documentation about PermitUserEnvironment .
Как найти открытый ключ SSH
Добавить в избранное
Главное меню » Linux » Как найти открытый ключ SSH
В некоторых ситуациях вам может потребоваться просмотреть содержимое ваших ключей SSH. Например, вам может потребоваться просмотреть содержимое открытого ключа, чтобы добавить его в удаленные службы, требующие аутентификации SSH, такие как Google Cloud. В этой статье показано, как просмотреть содержимое ключа SSH с помощью простой команды cat в Linux.
Как сгенерировать SSH-ключ
Первым шагом к настройке ключа SSH является создание пары. Пара ключей SSH содержит открытый и закрытый ключи. Используя общедоступную и частную пару, вы можете аутентифицировать пользователя на удаленном хосте.
В Linux используйте следующую команду для создания пары ключей SSH:
Приведенная выше команда потребует от вас ввода информации для настройки и создания ключей. Если вы находитесь в незащищенных сетях или критических системах, обязательно зашифруйте свои ключи парольной фразой.
Generating public/private rsa key pair. Enter file in which to save the key (/home/ubuntu/.ssh/id_rsa): Created directory '/home/ubuntu/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ubuntu/.ssh/id_rsa Your public key has been saved in /home/ubuntu/.ssh/id_rsa.pub The key fingerprint is: SHA256:hVkOnzk7nLWx3j4vqLv/B83tYN7w3juLAbFw610xh7Q ubuntu@CSALEM The key's randomart image is: +---[RSA 3072]----+ | . . . | | B o . o | | o.Boo Eo.| | oo=++ +| | S =+o +.| | .oo.* +| | ..*.B | | ..*.*| | +=.ooOB| +----[SHA256]-----+
Как просмотреть ключ SSH
Первый метод, который вы можете использовать для просмотра своего ключа SSH, — это использовать простую команду cat. Эта команда распечатает содержимое файла, которое вы можете скопировать и вставить на удаленный хост. По умолчанию ключи SSH хранятся в /home/$USER/.ssh
Для просмотра содержимого:
Приведенная выше команда распечатает содержимое вашего открытого ключа SSH. Ниже приведен пример ключа:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4P7J4iUnK+lbKeBxEJqgBaapI6/tr2we9Ipr9QzYvAIzOyS396uYRhUldTL0sios0BlCes9k9FEU8/ZFABaPlvr/UcM/vBlVpEv1uCkq1Rg48bK8nWuCBcLmy2B+MUoiXT/0W51qT2fSYRUk0fafnxvBnqRidRdOpRLi48CzvsSua+tU5AciEuYJ+L4X32UF2sHe6o+GzAyItK5ZzpneiEPfoHUSJ4N7+wUcrTI52NPrHmH11jzLPpMHxoqiDBzF2IIVxxU1GSioGAij7T5Sf6aWDOnBHnpeJBFujChg+p2WPlha+B2NaCt25eBtwPMMFQqmJ38xoPr1BCtF6ViOR1e2e7rk/+XMLuY67U8mawhJbl6IqfzRtn5C8dP6vGqMg30kW9vIp4GqlbGLMeAyuBsA45rNnVqxtiMXdKcHPvA+Mmbm+7YSXzoyQcuRUzJY9K+Y+ty7XQP09HGvT7bvtFvC5B9wWAqt5qgmTToLp7qHLCXK+m/6rpJp7d57tGv0= ubuntu@UBUNTU
Другой метод, который вы можете использовать для просмотра содержимого вашего SSH-ключа, — это использование инструмента аутентификации Open-SSH с помощью команды, показанной ниже:
ssh-agent sh -c "ssh-add; ssh-add -L"
Эта команда запросит у вас пароль аутентификации для парольной фразы, если она назначена, как показано ниже:
Enter passphrase for /home/ubuntu/.ssh/id_rsa: Identity added: /home/ubuntu/.ssh/id_rsa (ubuntu@CSALEM) ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4P7J4iUnK+lbKeBxEJqgBaapI6/tr2we9Ipr9QzYvAIzOyS396uYRhUldTL0sios0BlCes9k9FEU8/ZFABaPlvr/UcM/vBlVpEv1uCkq1Rg48bK8nWuCBcLmy2B+MUoiXT/0W51qT2fSYRUk0fafnxvBnqRidRdOpRZtxMLOj7Sua+tU5AciEuYJ+L4X32UF2sHe6o+GzAyItK5ZzpneiEPfoHUSJ4N7+wUcrTI52NPrHmH11jzLPpMHxoqiDBzF2IIVxxU1GSioGAij7T5Sf6aWDOnBHnpeJBFujChg+p2WPlha+B2NaCt25eBtwPMMFQqmJ38xoPr1BCtF6ViOR1e2e7rk/+XML3ypZU8mawhJbl6IqfzRtn5C8dP6vGqMg30kW9vIp4GqlbGLMeAyuBsA45rNnVqxtiMXdKcHPvA+Mmbm+7YSXzoyQcuRUzJY9K+Y+ty7XQPmwYgvLo7G78vC5B9wWAqt5qgmTToLp7qHLCXK+m/6rpJp7d57tGv0= ubuntu@UBUNTU
Заключение
В этой статье показано, как сгенерировать ключ SSH, а также два метода, которые можно использовать для просмотра содержимого ключа SSH. По большей части вам нужно будет только просматривать содержимое открытых ключей, а не закрытых ключей. Всегда следите за тем, чтобы ваши ключи SSH всегда были защищены. Защитите свою оболочку!
How to Find SSH Public Key
In some situations, you may need to view the contents of your SSH keys. For example, you may need to view the contents of a public key to add it to remote services requiring SSH authentication, such as Google Cloud. This article shows you how to view SSH key contents using a simple cat command in Linux.
How to Generate an SSH Key
The first step to setting up an SSH key is to generate a pair. An SSH-key pair contains a public and private key. Using the public and private pair, you can authenticate a user to a remote host.
In Linux, use the following command to generate an SSH key pair:
The above command will require you to input information to set up and create the keys. If you are on unsecured networks or critical systems, be sure to encrypt your keys with a passphrase.
Generating public / private rsa key pair.
Enter file in which to save the key ( / home / ubuntu / .ssh / id_rsa ) :
Created directory ‘/home/ubuntu/.ssh’ .
Enter passphrase ( empty for no passphrase ) :
Enter same passphrase again:
Your identification has been saved in / home / ubuntu / .ssh / id_rsa
Your public key has been saved in / home / ubuntu / .ssh / id_rsa.pub
The key fingerprint is:
SHA256:hVkOnzk7nLWx3j4vqLv / B83tYN7w3juLAbFw610xh7Q ubuntu @ CSALEM
The key ‘s randomart image is:
+—[RSA 3072]—-+
| . . . |
| B o . o |
| o.Boo Eo.|
| oo=++ +|
| S =+o +.|
| .oo.* +|
| ..*.B |
| ..*.*|
| +=.ooOB|
+—-[SHA256]——+
NOTE: You must have the OpenSSH package installed on your system to use the ssh-keygen command.
How to View an SSH Key
The first method that you can use to view your SSH key is by using a simple cat command. This command will print the file’s contents, which you can copy and paste to the remote host. By default, SSH keys are stored in the /home/$USER/.ssh
The above command will print the contents of your SSH public key. The following is an example key:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4P7J4iUnK+lbKeBxEJqgBaapI6 / tr2we9Ipr9QzYvAIzOyS396uYRhUldTL0sios0BlCes9k9FEU8 / ZFABaPlvr / UcM / vBlVpEv1uCkq1Rg48bK8nWuCBcLmy2B+MUoiXT / 0W51qT2fSYRUk0fafnxvBnqRidRdOpRZtxMKjvsSua+tU5AciEuYJ+L4X32UF2sHe6o+GzAyItK5ZzpneiEPfoHUSJ4N7+wUcrTI52NPrHmH11jzLPpMHxoqiDBzF2IIVxxU1GSioGAij7T5Sf6aWDOnBHnpeJBFujChg+p2WPlha+B2NaCt25eBtwPMMFQqmJ38xoPr1BCtF6ViOR1e2e7rk / +XML3ypZU8mawhJbl6IqfzRtn5C8dP6vGqMg30kW9vIp4GqlbGLMeAyuBsA45rNnVqxtiMXdKcHPvA+Mmbm+7YSXzoyQcuRUzJY9K+Y+ty7XQPmwYgvT7bvtFvC5B9wWAqt5qgmTToLp7qHLCXK+m / 6 rpJp7d57tGv0 = ubuntu @ UBUNTU
Another method that you can use to view the contents of your SSH key is by using the Open-SSH authentication tool with the command shown below:
This command will prompt you for an authentication password for the passphrase if one is assigned, as follows:
Enter passphrase for / home / ubuntu / .ssh / id_rsa:
Identity added: / home / ubuntu / .ssh / id_rsa ( ubuntu @ CSALEM )
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4P7J4iUnK+lbKeBxEJqgBaapI6 / tr2we9Ipr9QzYvAIzOyS396uYRhUldTL0sios0BlCes9k9FEU8 / ZFABaPlvr / UcM / vBlVpEv1uCkq1Rg48bK8nWuCBcLmy2B+MUoiXT / 0W51qT2fSYRUk0fafnxvBnqRidRdOpRZtxMKjvsSua+tU5AciEuYJ+L4X32UF2sHe6o+GzAyItK5ZzpneiEPfoHUSJ4N7+wUcrTI52NPrHmH11jzLPpMHxoqiDBzF2IIVxxU1GSioGAij7T5Sf6aWDOnBHnpeJBFujChg+p2WPlha+B2NaCt25eBtwPMMFQqmJ38xoPr1BCtF6ViOR1e2e7rk / +XML3ypZU8mawhJbl6IqfzRtn5C8dP6vGqMg30kW9vIp4GqlbGLMeAyuBsA45rNnVqxtiMXdKcHPvA+Mmbm+7YSXzoyQcuRUzJY9K+Y+ty7XQPmwYgvT7bvtFvC5B9wWAqt5qgmTToLp7qHLCXK+m / 6 rpJp7d57tGv0 = ubuntu @ UBUNTU
Conclusion
This article showed you how to generate an SSH key, as well as two methods that you can use to view the content of an SSH key. For the most part, you will only need to view the content within public keys, and not private keys. Always make sure to protect your SSH keys at all times. Secure your Shell!
About the author
John Otieno
My name is John and am a fellow geek like you. I am passionate about all things computers from Hardware, Operating systems to Programming. My dream is to share my knowledge with the world and help out fellow geeks. Follow my content by subscribing to LinuxHint mailing list