nokyplease
asked on
passwordless ssh monitoring
Hi All,
I enabled passwordless ssh on some of the generic user accounts on some Red Hat Linux 5 servers, so anyone who has his ssh key listed in that generic account's authorized_keys will be allowed to ssh to the box without entering the password for that generic account.
I would like to know if there is anything I can do to monitor who is actually using the generic account to log in. I tried to add an environment variable to the user's ssh key that marks the username, but I am not quite sure how I can use this variable to log the access.
Thanks.
Have you tried modifying sshd_config to log in Verbose mode and optionally, logging to a separate file?
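An added example, not part of the original thread: one way to turn VERBOSE sshd logging into a per-person record for a shared account is to pair each "Found matching ... key" line with the "Accepted publickey" line from the same sshd process. The log lines, fingerprints, names, host and addresses below are constructed, the line format is assumed to be the one older OpenSSH releases write at `LogLevel VERBOSE`, and `attribute_logins` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed map: MD5 key fingerprint -> person. Build the real one by running
# `ssh-keygen -l -f` on each person's public key file.
KEY_OWNERS='3f:9a:12:c4:55:0e:7b:aa:01:d2:6c:88:90:4f:e3:17 alice
b1:07:ee:42:9d:3c:58:10:fa:66:2b:c9:0d:74:a5:38 bob'

# Constructed sample of /var/log/secure with "LogLevel VERBOSE" in sshd_config.
SAMPLE_LOG='Mar  3 09:14:01 web01 sshd[4121]: Found matching RSA key: 3f:9a:12:c4:55:0e:7b:aa:01:d2:6c:88:90:4f:e3:17
Mar  3 09:14:01 web01 sshd[4121]: Found matching RSA key: 3f:9a:12:c4:55:0e:7b:aa:01:d2:6c:88:90:4f:e3:17
Mar  3 09:14:01 web01 sshd[4121]: Accepted publickey for appuser from 10.1.2.15 port 40112 ssh2
Mar  3 09:20:45 web01 sshd[4188]: Found matching RSA key: b1:07:ee:42:9d:3c:58:10:fa:66:2b:c9:0d:74:a5:38
Mar  3 09:20:45 web01 sshd[4188]: Accepted publickey for appuser from 10.1.2.22 port 51877 ssh2
Mar  3 09:25:02 web01 sshd[4203]: Accepted password for appuser from 10.1.2.30 port 40990 ssh2
Mar  3 09:31:10 web01 sshd[4250]: Found matching DSA key: 77:de:01:5a:c3:9b:20:4e:88:f1:36:0c:d4:92:6a:bb
Mar  3 09:31:10 web01 sshd[4250]: Accepted publickey for appuser from 10.1.9.9 port 33201 ssh2'

# Reads sshd log lines on stdin; $1 is the fingerprint map.
# Prints "time account person source-ip" for every public-key login.
attribute_logins() {
    OWNERS="$1" awk '
    BEGIN {
        # Load the fingerprint map passed through the environment.
        n = split(ENVIRON["OWNERS"], rows, "\n")
        for (i = 1; i <= n; i++) {
            split(rows[i], f, " ")
            if (f[1] != "") owner[f[1]] = f[2]
        }
    }
    # Remember the last fingerprint each sshd process matched ($5 is "sshd[PID]:").
    / sshd\[[0-9]+\]: Found matching [A-Z0-9]+ key: / {
        fp[$5] = $NF
    }
    # On acceptance, resolve the fingerprint seen by the same process.
    / sshd\[[0-9]+\]: Accepted publickey for / {
        who = (fp[$5] in owner) ? owner[fp[$5]] : "UNKNOWN-KEY"
        print $3, $9, who, $11
        delete fp[$5]
    }'
}

printf '%s\n' "$SAMPLE_LOG" | attribute_logins "$KEY_OWNERS"
```

A key that is accepted but missing from the map shows up as UNKNOWN-KEY, which is the line worth alerting on; password logins are skipped because they carry no key to attribute.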
Your /var/log/secure and /var/log/messages will include the IP from which the user is connecting
last username
You gave people keys to your house and then you are asking us to help you identify which individuals are using the keys you provided.
ASKER
Hi,
I added the logging command to /etc/profile, and it can only log user access for those users using the bash shell? I have users using csh and nothing is being logged. Also, it seems I need to give the generic user account write permission on the logging file, otherwise I get permission denied when logging in.
Thanks.
ASKER
thanks