7

We have a hosted CentOS 6.5 server in which we have a single user account. That account has been configured to use SSH keyfile authentication for the users who need to access it.

I would like to be able to see which keyfile was used to authenticate each login; effectively telling me which end-user logged into the single unix user account. Is there a mechanism for doing so?

2
  • @MarkPlotnick there is no auth.log on CentOS. Commented Dec 13, 2020 at 9:14
  • @Jakuje Thank you. I’ve removed my comment that mentioned that file. Commented Dec 13, 2020 at 13:12

1 Answer

8

On CentOS there is /var/log/secure. This holds the fingerprints of the logins:

 Aug 7 23:12:57 my-server sshd[2584]: Accepted publickey for user from 192.168.1.156 port 58279 ssh2: RSA 32:f1:aa:aa:aa:aa:aa:aa:bb:be:ef:c3:aa:bb:cc:f8 

Map these back to the keys and you have the info you need. You can get the key fingerprints by doing:

for f in ~/.ssh/*.pub; do ssh-keygen -l -f "$f"; done
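The mapping step described in this answer, as an added example that is not part of the original post: it computes the fingerprint of every key in an authorized_keys file and attributes each "Accepted publickey" line to the key's comment field. It assumes each end user's key carries an identifying comment; the key blobs and the first two log lines are constructed placeholders, and the SHA256 and "MD5:" forms logged by newer OpenSSH releases are handled as a generalization beyond the CentOS 6.5 format shown above.

```python
import base64, hashlib, re

# Constructed sample data: the key blobs are placeholders, not real keys.
AUTHORIZED_KEYS = """\
# one line per end user; the trailing comment identifies the owner
ssh-rsa YWJj alice@laptop
from="192.168.1.0/24",no-pty ssh-rsa YQ== bob@workstation
"""
SECURE_LOG = """\
Aug 7 23:12:57 my-server sshd[2584]: Accepted publickey for user from 192.168.1.156 port 58279 ssh2: RSA 90:01:50:98:3c:d2:4f:b0:d6:96:3f:7d:28:e1:7f:72
Aug 7 23:40:02 my-server sshd[2611]: Accepted publickey for user from 192.168.1.77 port 40112 ssh2: RSA 0c:c1:75:b9:c0:f1:b6:a8:31:c3:99:e2:69:77:26:61
Aug 8 01:03:44 my-server sshd[2702]: Accepted publickey for user from 192.168.1.90 port 51200 ssh2: RSA 32:f1:aa:aa:aa:aa:aa:aa:bb:be:ef:c3:aa:bb:cc:f8
"""

# Key type, base64 blob, optional comment; any options prefix is skipped.
KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$")
LOGIN_RE = re.compile(r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (\S+)")

def fingerprints(b64_blob):
    """Return both forms sshd may log: MD5 colon-hex and SHA256 base64."""
    blob = base64.b64decode(b64_blob)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def load_keys(text):
    """Map every fingerprint form to the comment field of its key."""
    owners = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        if m:
            for fp in fingerprints(m.group(2)):
                owners[fp] = m.group(3) or "(no comment)"
    return owners

def attribute_logins(log_text, owners):
    """Return (unix_user, source_ip, key_owner) for each accepted login."""
    out = []
    for m in LOGIN_RE.finditer(log_text):
        user, ip, fp = m.groups()
        out.append((user, ip, owners.get(fp.replace("MD5:", ""), "UNKNOWN KEY")))
    return out

if __name__ == "__main__":
    for row in attribute_logins(SECURE_LOG, load_keys(AUTHORIZED_KEYS)):
        print(*row)
```

A login that resolves to UNKNOWN KEY means the key was accepted but is no longer in the file being read, which is worth investigating rather than ignoring.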
