security

d_asselin
Hi All!

Here is the question. Mostly I’m looking for an idea on how I could track the usage of SSH private/public keys.

What I’m looking for: is there a way to detect if a user logged in to a server from a remote server using keys with no password on a UNIX server (Solaris xx)?

Dan
Kerem ERSOY, President

Commented:
Hi,

If what you are looking for is whether a user logged on using public-key or password, the ssh log should show you that:

May 17 09:03:17 server sshd[27637]: Accepted publickey for user from 100.0.0.100 port 59057 ssh2
May 17 09:03:17 server sshd[27637]: pam_unix(sshd:session): session opened for user user by (uid=0)
May 17 12:39:23 server sshd[30250]: Accepted password for user from 200.175.33.3 port 59110 ssh2
May 17 12:39:24 server sshd[30250]: pam_unix(sshd:session): session opened for user user by (uid=0)

Cheers,
K.
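
An added example, not part of the original post: the log check from the answer above as a small Python parser that lists accepted logins by authentication method and collects publickey logins per user. It assumes OpenSSH-style syslog lines like those quoted; the function names, the optional key-fingerprint suffix and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# sshd "Accepted <method> for <user> from <addr> port <n> ssh2" records.
# The ": <keytype> <fingerprint>" suffix is optional: only some OpenSSH
# versions and log levels write it (assumption about the server).
ACCEPTED = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<addr>\S+) port (?P<port>\d+) ssh2"
    r"(?:: (?P<keytype>\S+) (?P<fingerprint>\S+))?"
)

def parse_logins(text):
    """One dict per accepted login. finditer (not line splitting) is used so
    records that were run together without newlines are still found."""
    return [m.groupdict() for m in ACCEPTED.finditer(text)]

def key_logins_by_user(events):
    """user -> sorted [(source address, fingerprint or None)] for publickey logins."""
    seen = defaultdict(set)
    for e in events:
        if e["method"] == "publickey":
            seen[e["user"]].add((e["addr"], e["fingerprint"]))
    return {u: sorted(v, key=lambda t: (t[0], t[1] or "")) for u, v in seen.items()}

# First four records are the ones quoted in the answer, run together as posted.
# The last two lines are constructed for this example.
SAMPLE = (
    "May 17 09:03:17 server sshd[27637]: Accepted publickey for user from 100.0.0.100 port 59057 ssh2"
    "May 17 09:03:17 server sshd[27637]: pam_unix(sshd:session): session opened for user user by (uid=0)"
    "May 17 12:39:23 server sshd[30250]: Accepted password for user from 200.175.33.3 port 59110 ssh2"
    "May 17 12:39:24 server sshd[30250]: pam_unix(sshd:session): session opened for user user by (uid=0)\n"
    "May 17 13:02:41 server sshd[30311]: Accepted publickey for backup from 192.0.2.25 port 40022 "
    "ssh2: RSA SHA256:CONSTRUCTED-EXAMPLE-FINGERPRINT\n"
    "May 17 13:05:02 server sshd[30400]: Failed password for user from 198.51.100.7 port 40100 ssh2\n"
)

if __name__ == "__main__":
    for e in parse_logins(SAMPLE):
        print(e["user"], e["method"], e["addr"], e["fingerprint"] or "-")
    print(key_logins_by_user(parse_logins(SAMPLE)))
```

The server log records which method was accepted; it does not record whether the client's private key file is protected by a passphrase.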

Author

Commented:
No, not what I’m looking for. I’m not even sure that what I’m looking for exists.

To be more precise, a user connecting to a remote server using public/private keys is not prompted for a password. What I’m looking for: is there a way to track such an access to a server?
 
President
Commented:
In fact it is not possible to detect this. You need to either assign a new password to each user using ssh-keygen:

ssh-keygen -f id_rsa -p

or you'll delete keys for users with keys without a passphrase and recreate keys for them. Then replace their $/.ssh/authorized_keys file contents with your existing keys.

To create new keys please see this document here:
SSH access using public key

If your users insist on typing their password time after time, you might consider using ssh-agent, where they will need to type their password only once.

Cheers,
K.

Author

Commented:
Thank you all

It was my impression that it was not possible; you just confirmed it. This issue is closed. I just needed a second opinion on the subject in case someone had an idea or a possibility that could be explored.

Again, thank you all for the inputs

Dan
