security

Hi All!

Here is the question. Mostly I’m looking for an idea on how I could track the usage of SSH private/public keys.

What I’m looking for: is there a way to detect if a user logged in to a server from a remote server using keys with no password on a UNIX server (Solaris xx)?

Dan
d_asselin Asked:

Kerem ERSOY (President) Commented:
Hi,

If what you are looking for is whether a user logged on using public-key or password the ssh log should show you that:

May 17 09:03:17 server sshd[27637]: Accepted publickey for user from 100.0.0.100 port 59057 ssh2
May 17 09:03:17 server sshd[27637]: pam_unix(sshd:session): session opened for user user by (uid=0)
May 17 12:39:23 server sshd[30250]: Accepted password for user from 200.175.33.3 port 59110 ssh2
May 17 12:39:24 server sshd[30250]: pam_unix(sshd:session): session opened for user user by (uid=0)

Cheers,
K.
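
The log check described in the answer above, as an added example that is not part of the original thread: it extracts `Accepted ...` events from sshd syslog lines and separates public-key logins from password logins. It goes slightly beyond the quoted lines by also accepting the newer OpenSSH format that appends the key type and fingerprint; the function names and the fifth sample line are constructed for illustration. The log records the authentication method only, not whether the private key has a passphrase.

```python
import re
from collections import Counter

# Sample input: the four lines quoted in the answer, plus one CONSTRUCTED line
# in the newer OpenSSH format that appends key type and fingerprint.
SAMPLE_LOG = """\
May 17 09:03:17 server sshd[27637]: Accepted publickey for user from 100.0.0.100 port 59057 ssh2
May 17 09:03:17 server sshd[27637]: pam_unix(sshd:session): session opened for user user by (uid=0)
May 17 12:39:23 server sshd[30250]: Accepted password for user from 200.175.33.3 port 59110 ssh2
May 17 12:39:24 server sshd[30250]: pam_unix(sshd:session): session opened for user user by (uid=0)
May 18 07:15:02 server sshd[31001]: Accepted publickey for dan from 192.0.2.10 port 40222 ssh2: RSA SHA256:CONSTRUCTEDexampleFINGERPRINT
"""

# Syslog prefix, then sshd's "Accepted <method> for <user> from <ip> port <n> <proto>",
# optionally followed by ": <keytype> <fingerprint>".
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[(?P<pid>\d+)\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<src>\S+)\s"
    r"port\s(?P<port>\d+)\s\S+(?::\s(?P<keytype>\S+)\s(?P<fp>\S+))?\s*$"
)


def parse_accepted(log_text):
    """Return one dict per successful sshd authentication in log_text."""
    events = []
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if m:  # PAM session lines and anything else are skipped
            events.append(m.groupdict())
    return events


def publickey_logins(events):
    """Keep only logins that authenticated with a key."""
    return [e for e in events if e["method"] == "publickey"]


def summarize(events):
    """Count logins per (user, source address, method)."""
    return Counter((e["user"], e["src"], e["method"]) for e in events)


if __name__ == "__main__":
    for e in publickey_logins(parse_accepted(SAMPLE_LOG)):
        print(e["ts"], e["user"], e["src"], e["fp"] or "(fingerprint not logged)")
```
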

d_asselin (Author) Commented:
No, not what I’m looking for. I’m not even sure that what I’m looking for exists.

To be more precise, a user connecting to a remote server using public/private keys is not prompted for a password. What I’m looking for: is there a way to track such an access to a server?
 
Kerem ERSOY (President) Commented:
In fact it is not possible to detect this. You need to either assign a new password to each user using ssh-keygen:

ssh-keygen -f id_rsa -p

or you'll delete keys for users with keys without a passphrase and recreate keys for them. Then replace their $/.ssh/authorized_keys file contents with your existing keys.

To create new keys please see this document here:
SSH access using public key

If your users insist on typing their password time after time, you might consider using ssh-agent, where they will need to type their password only once.

Cheers,
K.

d_asselin (Author) Commented:
Thank you all

It was my impression that it was not possible; you just confirmed it. This issue is closed. I just needed a second opinion on the subject in case someone had an idea or a possibility that could be explored.

Again, thank you all for the inputs

Dan