SSH user public key info
I want to find out which SSH user started my script on a server via SSH, i.e. which public key was used for the user to log in.
SSH_CONNECTION environment variable gives me the client's IP address. I would also like to know which public key from authorized_keys was used and its comment (usually email).
I am looking for a solution without fiddling with sshd and its logs, so that I would not need to set up the target servers. The only thing known for sure is that the script is run on Ubuntu servers. Also my user doesn't have sudo rights.
linux ubuntu ssh public-key
asked Dec 17 '17 at 19:22
warvariuc
As the user can't sudo, are they logging in as their OWN user? If so, then why not just look at the user who started the process? If not, you need to look at the time the shell the user is logged into started, and align that with a login entry in the sshd log.
– djsmiley2k
Dec 17 '17 at 19:49
"I want to find out which SSH user started my script on a server via SSH, i.e. which public key was used for the user to log in." Are you saying that multiple people share a single SSH user account?
– grawity
Dec 17 '17 at 21:44
> Are you saying that multiple people share a single SSH user account? Yes
– warvariuc
Dec 18 '17 at 6:27
2 Answers
This information isn't available to you by default. But it can be achieved in a couple of different ways.
As unprivileged user
You can make use of some of the features available in the authorized_keys file format. The feature I think is most useful to you is environment.
At the beginning of each line of authorized_keys in front of the key itself you put a string like this:
environment="SSH_KEY=name"
Where you substitute a different value for name on each line. This will set an environment variable called SSH_KEY when that particular line of authorized_keys is used for authentication. The full set of features you can make use of can be found using man sshd.
As system administrator
Enable the ExposeAuthInfo setting in sshd_config and reload the daemon. Then sshd will write the information you are looking for to a temporary file. The path to this file can be found in the SSH_USER_AUTH environment variable.
More information about such settings can be found using man sshd_config.
edited Jan 30 at 13:55
answered Jan 30 at 13:39
kasperd
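The two mechanisms from this answer combined into one helper, as an added example that is not part of the original answer: it reads the ExposeAuthInfo file named by SSH_USER_AUTH when present and falls back to the SSH_KEY label. The function names and the sample key blobs are constructed for illustration; note that sshd honours environment= in authorized_keys only when PermitUserEnvironment is enabled in sshd_config.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names and sample
# data are assumptions made for this sketch.
# Both variables live in the session environment, so any user of the shared
# account can override them: treat the result as a label, not an audit record.

# key_comment FILE BLOB: print the comment of the authorized_keys line whose
# base64 key blob equals BLOB. Options may contain quoted spaces, so locate
# the blob field first and take everything after it as the comment.
key_comment() {
    [ -r "$1" ] || return 0
    awk -v blob="$2" '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        {
            for (i = 1; i <= NF; i++) {
                if (($i "") != (blob "")) continue
                out = ""
                for (j = i + 1; j <= NF; j++) out = out (out == "" ? "" : " ") $j
                print (out == "" ? "(no comment)" : out)
                exit
            }
        }' "$1"
}

# who_authenticated [AUTHORIZED_KEYS]: print "authinfo:<comment>" when sshd
# exposed the key via ExposeAuthInfo, "env:<label>" when only the
# environment="SSH_KEY=..." label is present, otherwise "unknown" (status 1).
who_authenticated() {
    keys_file=${1:-$HOME/.ssh/authorized_keys}
    if [ -n "${SSH_USER_AUTH:-}" ] && [ -r "$SSH_USER_AUTH" ]; then
        # File lines look like: publickey <keytype> <base64 blob>
        blob=$(awk '$1 == "publickey" { print $3; exit }' "$SSH_USER_AUTH")
        if [ -n "$blob" ]; then
            comment=$(key_comment "$keys_file" "$blob")
            printf 'authinfo:%s\n' "${comment:-key not in $keys_file}"
            return 0
        fi
    fi
    if [ -n "${SSH_KEY:-}" ]; then
        printf 'env:%s\n' "$SSH_KEY"
        return 0
    fi
    printf 'unknown\n'
    return 1
}

# Constructed sample data (fake key blobs) so the functions can be tried offline.
write_sample() {
    cat > "$1/authorized_keys" <<'EOF'
# shared deploy account
environment="SSH_KEY=alice" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedALICE alice@example.com
environment="SSH_KEY=bob laptop" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedBOB bob@example.com (laptop)
EOF
    printf 'publickey ssh-ed25519 %s\n' \
        AAAAC3NzaC1lZDI1NTE5AAAAIconstructedBOB > "$1/auth_info"
}

# Demo on the constructed data: simulates a session authenticated with the second key.
demo=$(mktemp -d) && write_sample "$demo"
( SSH_KEY=; SSH_USER_AUTH=$demo/auth_info; who_authenticated "$demo/authorized_keys" )
rm -rf "$demo"
```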
/var/log/auth.log will contain an entry like:
Accepted publickey for <userid> from <IP address> port 57762 ssh2: RSA SHA256: <43 random characters>
The "random characters" are the fingerprint of the public key used. You can tell the fingerprints of the keys in your local authorized_keys file using:
ssh-keygen -lf /home/user/.ssh/authorized_keys
which lists the fingerprint of each key together with the key's comment (which is usually an email).
answered Dec 17 '17 at 21:06
xenoid
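One way to automate the matching this answer describes, as an added example that is not the answerer's code: join sshd's "Accepted publickey" lines with saved ssh-keygen -lf output on the fingerprint and flag keys that are not in the listing. The function names, log lines and fingerprints are constructed, and reading auth.log requires suitable privileges.

```shell
#!/bin/sh
# Added example: attribute SSH logins on a shared account to key comments.
# map_logins LISTING LOG
#   LISTING: saved output of  ssh-keygen -lf ~/.ssh/authorized_keys
#   LOG:     sshd log, e.g. /var/log/auth.log
# Prints "user ip comment"; keys absent from LISTING are flagged UNKNOWN-KEY.
map_logins() {
    awk '
        NR == FNR {                        # first file: the ssh-keygen listing
            # format: <bits> SHA256:<fp> <comment ...> (<TYPE>)
            c = ""
            for (i = 3; i < NF; i++) c = c (c == "" ? "" : " ") $i
            comment[$2] = c
            next
        }
        {                                  # second file: sshd log lines
            # ... Accepted publickey for USER from IP port N ssh2: TYPE SHA256:FP
            for (i = 1; i + 5 <= NF; i++)
                if ($i == "Accepted" && $(i + 1) == "publickey") break
            if (i + 5 > NF) next           # not a public-key login line
            user = $(i + 3); ip = $(i + 5); fp = $NF
            who = (fp in comment) ? comment[fp] : ("UNKNOWN-KEY " fp)
            print user, ip, who
        }' "$1" "$2"
}

# Constructed sample data: fake fingerprints, documentation IP ranges.
write_login_sample() {
    cat > "$1/listing" <<'EOF'
256 SHA256:AAAAconstructedFingerprintForAlice000000000 alice@example.com (ED25519)
3072 SHA256:BBBBconstructedFingerprintForBob00000000000 bob@example.com laptop (RSA)
EOF
    cat > "$1/auth.log" <<'EOF'
Dec 17 21:06:01 srv1 sshd[2211]: Accepted publickey for deploy from 203.0.113.7 port 57762 ssh2: ED25519 SHA256:AAAAconstructedFingerprintForAlice000000000
Dec 17 21:07:30 srv1 sshd[2219]: Accepted publickey for deploy from 203.0.113.8 port 51100 ssh2: RSA SHA256:BBBBconstructedFingerprintForBob00000000000
Dec 17 21:09:44 srv1 sshd[2230]: Failed password for deploy from 203.0.113.9 port 40022 ssh2
Dec 17 21:15:10 srv1 sshd[2301]: Accepted publickey for deploy from 198.51.100.4 port 50112 ssh2: RSA SHA256:CCCCconstructedFingerprintNotListed
EOF
}

# Demo on the constructed data.
demo=$(mktemp -d) && write_login_sample "$demo"
map_logins "$demo/listing" "$demo/auth.log"
rm -rf "$demo"
```

An UNKNOWN-KEY line means the login used a key that is no longer, or never was, in the listing that was saved, which is worth following up on a shared account.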
Unfortunately, non-admin users don't have access to that file.
– warvariuc
Dec 18 '17 at 6:28
This answer is just what I needed. I am surprised that I found it on Super User and not Server Fault.
– kasperd
Jan 30 at 13:26
@warvariuc You are right, this does not answer your question. It is still a very useful answer, just not for your particular question. What you are looking for is an environment variable containing the same string that was written to the log. I don't know if such an environment variable exists.
– kasperd
Jan 30 at 13:29
@warvariuc I checked a couple of Ubuntu 18.04 systems. And no such environment variable exists by default. There is however an ExposeAuthInfo setting which is disabled by default, but could be enabled to achieve this. However I just recalled that there is another way to achieve this which doesn't require changes to sshd_config. I have written an answer detailing both solutions.
– kasperd
Jan 30 at 13:57