Linux – How to get the comment of the current authorized_keys ssh key

Tags: linux, ssh, Ubuntu

Edit: What I really need to know is WHICH ssh key from authorized_keys has been used to identify the currently logged on user.

According to "man sshd":

Protocol 2 public key consist of options, keytype, base64-encoded key, comment.

I see that when I use ssh-keygen, the comment is usually the local identity of the user. Is there any way to access this value when I'm on the remote computer? (Kind of like the SSH_CLIENT shell variable)

(Assuming I enforce the comment to be a remote identity of some sort, I would like to log this from a shell-script! This is on Ubuntu)

Best Answer

I personally would not recommend this solution, but am posting this for the sake of discussion.

If you're willing to:

  1. Change the Logging level of SSHd
  2. Give your script access to /var/log/secure (or equivalent log file)

You can set "LogLevel DEBUG" in sshd_config to get the following entries each time an ssh key is used successfully for authentication:

Aug 13 11:51:13 myhost sshd[20195]: debug1: matching key found: file /home/myuser/.ssh/authorized_keys, line 3
Aug 13 11:51:13 myhost sshd[20195]: Found matching DSA key: 00:aa:bb:cc:dd:ee:00:c0:0b:fa:ce:00:00:ab:cd:ef

Writing a script to parse the logs and retrieve the relevant information would be trivial. You could probably grep for "sshd[$PPID]" to reduce the lines the script has to munge.

Do note that changing the loglevel to DEBUG will increase the size of your logs considerably and may violate the privacy of users. From "man sshd_config":

Logging with a DEBUG level violates the privacy of users and is not recommended.

I'm sure there are various steps one can take to make this solution a little less ghastly (e.g. logging sshd DEBUG info to a different file and controlling access to that file and the script) but at the end of the day it will still make you cringe.
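As an added example (not code from the answer above), a POSIX shell helper that does the log-munging the answer describes: it pulls the "matching key found ... line N" entry for a given sshd PID out of the DEBUG log and prints the comment field of line N of authorized_keys, skipping any leading options. The log lines, the authorized_keys file and the PID are constructed sample data; on a real host the PID is whatever sshd process wrote the entry for your session (the answer suggests $PPID) and the log is /var/log/secure or its equivalent.

```shell
#!/bin/sh
# Added example: map an sshd DEBUG "matching key found" entry back to the
# comment of the authorized_keys line it names. All data here is constructed.

# Print the comment of the key that sshd process $2 matched according to
# log $1, looking the line number up in authorized_keys file $3.
# Returns 1 when the log holds no match for that pid.
key_comment_for_pid() {
    logfile=$1 pid=$2 akfile=$3
    # Take the latest "matching key found" line written by that sshd pid.
    n=$(sed -n "s/.*sshd\[$pid\]: debug1: matching key found: file .*, line \([0-9][0-9]*\)\$/\1/p" "$logfile" | tail -n 1)
    [ -n "$n" ] || return 1
    # Line format: [options] keytype base64-key comment. Scan for the key-type
    # field so that leading options (even quoted ones with spaces) are skipped;
    # the comment is everything after the base64 field that follows it.
    sed -n "${n}p" "$akfile" | awk '
        { for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/) {
                c = ""
                for (j = i + 2; j <= NF; j++) c = c (j > i + 2 ? " " : "") $j
                print c; exit
            }
        }'
}

# Write a constructed sample log and authorized_keys into a temp dir and
# print its path. The key material is placeholder text, not a real key.
make_sample_data() {
    d=$(mktemp -d)
    cat > "$d/auth.log" <<'EOF'
Aug 13 11:50:02 myhost sshd[20190]: debug1: matching key found: file /home/myuser/.ssh/authorized_keys, line 1
Aug 13 11:51:13 myhost sshd[20195]: debug1: matching key found: file /home/myuser/.ssh/authorized_keys, line 3
Aug 13 11:51:13 myhost sshd[20195]: Found matching DSA key: 00:aa:bb:cc:dd:ee:00:c0:0b:fa:ce:00:00:ab:cd:ef
EOF
    cat > "$d/authorized_keys" <<'EOF'
ssh-ed25519 AAAAexampleKeyDataNotReal bob@desktop
# keys below are restricted to the office network
from="10.0.0.0/8",no-pty ssh-rsa AAAAexampleKeyDataNotReal alice@laptop
EOF
    echo "$d"
}

# Demonstration on the constructed data.
sample=$(make_sample_data)
key_comment_for_pid "$sample/auth.log" 20195 "$sample/authorized_keys"   # prints alice@laptop
rm -rf "$sample"
```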
