We have a hosted CentOS 6.5 server in which we have a single user account. That account has been configured to use SSH keyfile authentication for the users who need to access it.
I would like to be able to see which keyfile was used to authenticate each login; effectively telling me which end-user logged into the single unix user account. Is there a mechanism for doing so?
Best Answer
On CentOS there is
/var/log/secure
. This holds the fingerprints of the logins:Map these back to the keys and you have the info you need. You can get the key fingerprints by doing: