SSH user public key info
I want to find out which SSH user started my script on a server via SSH, i.e. which public key was used for the user to log in.
SSH_CONNECTION
environment variable gives me the client's IP address.
I would also like to know which public key from authorized_keys
was used and its comment (usually email).
I am looking for a solution without fiddling with sshd
and its logs, so that I would not need to set up the target servers. The only thing known for sure is that the script is run on Ubuntu servers. Also my user doesn't have sudo
rights.
linux ubuntu ssh public-key
add a comment |
I want to find out which SSH user started my script on a server via SSH, i.e. which public key was used for the user to log in.
SSH_CONNECTION
environment variable gives me the client's IP address.
I would also like to know which public key from authorized_keys
was used and its comment (usually email).
I am looking for a solution without fiddling with sshd
and its logs, so that I would not need to set up the target servers. The only thing known for sure is that the script is run on Ubuntu servers. Also my user doesn't have sudo
rights.
linux ubuntu ssh public-key
As the user can't sudo, are they logging in as their OWN user? if so, then why not just look at the user whom started the process? If not, you need to look at the time the shell the user is logged into started, and align that with a login entry in the sshd log.
– djsmiley2k
Dec 17 '17 at 19:49
"I want to find out which SSH user started my script on a server via SSH, i.e. which public key was used for the user to log in." Are you saying that multiple people share a single SSH user account?
– grawity
Dec 17 '17 at 21:44
> Are you saying that multiple people share a single SSH user account? Yes
– warvariuc
Dec 18 '17 at 6:27
add a comment |
I want to find out which SSH user started my script on a server via SSH, i.e. which public key was used for the user to log in.
SSH_CONNECTION
environment variable gives me the client's IP address.
I would also like to know which public key from authorized_keys
was used and its comment (usually email).
I am looking for a solution without fiddling with sshd
and its logs, so that I would not need to set up the target servers. The only thing known for sure is that the script is run on Ubuntu servers. Also my user doesn't have sudo
rights.
linux ubuntu ssh public-key
I want to find out which SSH user started my script on a server via SSH, i.e. which public key was used for the user to log in.
SSH_CONNECTION
environment variable gives me the client's IP address.
I would also like to know which public key from authorized_keys
was used and its comment (usually email).
I am looking for a solution without fiddling with sshd
and its logs, so that I would not need to set up the target servers. The only thing known for sure is that the script is run on Ubuntu servers. Also my user doesn't have sudo
rights.
linux ubuntu ssh public-key
linux ubuntu ssh public-key
asked Dec 17 '17 at 19:22
warvariucwarvariuc
815611
815611
As the user can't sudo, are they logging in as their OWN user? if so, then why not just look at the user whom started the process? If not, you need to look at the time the shell the user is logged into started, and align that with a login entry in the sshd log.
– djsmiley2k
Dec 17 '17 at 19:49
"I want to find out which SSH user started my script on a server via SSH, i.e. which public key was used for the user to log in." Are you saying that multiple people share a single SSH user account?
– grawity
Dec 17 '17 at 21:44
> Are you saying that multiple people share a single SSH user account? Yes
– warvariuc
Dec 18 '17 at 6:27
add a comment |
As the user can't sudo, are they logging in as their OWN user? if so, then why not just look at the user whom started the process? If not, you need to look at the time the shell the user is logged into started, and align that with a login entry in the sshd log.
– djsmiley2k
Dec 17 '17 at 19:49
"I want to find out which SSH user started my script on a server via SSH, i.e. which public key was used for the user to log in." Are you saying that multiple people share a single SSH user account?
– grawity
Dec 17 '17 at 21:44
> Are you saying that multiple people share a single SSH user account? Yes
– warvariuc
Dec 18 '17 at 6:27
As the user can't sudo, are they logging in as their OWN user? if so, then why not just look at the user whom started the process? If not, you need to look at the time the shell the user is logged into started, and align that with a login entry in the sshd log.
– djsmiley2k
Dec 17 '17 at 19:49
As the user can't sudo, are they logging in as their OWN user? if so, then why not just look at the user whom started the process? If not, you need to look at the time the shell the user is logged into started, and align that with a login entry in the sshd log.
– djsmiley2k
Dec 17 '17 at 19:49
"I want to find out which SSH user started my script on a server via SSH, i.e. which public key was used for the user to log in." Are you saying that multiple people share a single SSH user account?
– grawity
Dec 17 '17 at 21:44
"I want to find out which SSH user started my script on a server via SSH, i.e. which public key was used for the user to log in." Are you saying that multiple people share a single SSH user account?
– grawity
Dec 17 '17 at 21:44
> Are you saying that multiple people share a single SSH user account? Yes
– warvariuc
Dec 18 '17 at 6:27
> Are you saying that multiple people share a single SSH user account? Yes
– warvariuc
Dec 18 '17 at 6:27
add a comment |
2 Answers
2
active
oldest
votes
This information isn't available to you by default. But it can be achieved in a couple of different ways.
As unprivileged user
You can make use of some of the features available in the authorized_keys
file format. The feature I think is most useful to you is environment
.
At the beginning of each line of authorized_keys
in front of the key itself you put a string like this:
environment="SSH_KEY=name"
Where you substitute a different value for name
on each line. This will set an environment variable called SSH_KEY
when that particular line of authorized_keys
is used for authentication. The full set of features you can make use of can be found using man sshd
.
As system administrator
Enable the ExposeAuthInfo
setting in sshd_config
and reload the daemon. Then sshd
will write the information you are looking for to a temporary file. The path to this file can be found in the SSH_USER_AUTH
environment variable.
More information about such settings can be found using man sshd_config
.
add a comment |
/var/log/auth.log will contain en entry like:
Accepted publickey for <userid> from <IP address> port 57762 ssh2: RSA SHA256: <43 random characters>
The "random characters" are the fingerprint of the public key used. You can tell the fingerprints of the keys in your local authorized_keys file using:
ssh-keygen -lf /home/user/.ssh/authorized_keys
which lists the fingerprint of each key together with the key's comment (which is usually an email..)
1
Unfortunately, non-admin users don't have access to that file.
– warvariuc
Dec 18 '17 at 6:28
This answer is just what I needed. I am surprised that I found it on Super User and not Server Fault.
– kasperd
Jan 30 at 13:26
@warvariuc You are right, this does not answer your question. It is still a very useful answer, just not for your particular question. What you are looking for is an environment variable containing the same string that was written to the log. I don't know if such an environment variable exists.
– kasperd
Jan 30 at 13:29
@warvariuc I checked a couple of Ubuntu 18.04 systems. And no such environment variable exists by default. There is however aExposeAuthInfo
setting which is disabled by default, but could be enabled to achieve this. However I just recalled that there is another way to achieve this which doesn't require changes tosshd_config
. I have written an answer detailing both solutions.
– kasperd
Jan 30 at 13:57
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1277942%2fssh-user-public-key-info%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
This information isn't available to you by default. But it can be achieved in a couple of different ways.
As unprivileged user
You can make use of some of the features available in the authorized_keys
file format. The feature I think is most useful to you is environment
.
At the beginning of each line of authorized_keys
in front of the key itself you put a string like this:
environment="SSH_KEY=name"
Where you substitute a different value for name
on each line. This will set an environment variable called SSH_KEY
when that particular line of authorized_keys
is used for authentication. The full set of features you can make use of can be found using man sshd
.
As system administrator
Enable the ExposeAuthInfo
setting in sshd_config
and reload the daemon. Then sshd
will write the information you are looking for to a temporary file. The path to this file can be found in the SSH_USER_AUTH
environment variable.
More information about such settings can be found using man sshd_config
.
add a comment |
This information isn't available to you by default. But it can be achieved in a couple of different ways.
As unprivileged user
You can make use of some of the features available in the authorized_keys
file format. The feature I think is most useful to you is environment
.
At the beginning of each line of authorized_keys
in front of the key itself you put a string like this:
environment="SSH_KEY=name"
Where you substitute a different value for name
on each line. This will set an environment variable called SSH_KEY
when that particular line of authorized_keys
is used for authentication. The full set of features you can make use of can be found using man sshd
.
As system administrator
Enable the ExposeAuthInfo
setting in sshd_config
and reload the daemon. Then sshd
will write the information you are looking for to a temporary file. The path to this file can be found in the SSH_USER_AUTH
environment variable.
More information about such settings can be found using man sshd_config
.
add a comment |
This information isn't available to you by default. But it can be achieved in a couple of different ways.
As unprivileged user
You can make use of some of the features available in the authorized_keys
file format. The feature I think is most useful to you is environment
.
At the beginning of each line of authorized_keys
in front of the key itself you put a string like this:
environment="SSH_KEY=name"
Where you substitute a different value for name
on each line. This will set an environment variable called SSH_KEY
when that particular line of authorized_keys
is used for authentication. The full set of features you can make use of can be found using man sshd
.
As system administrator
Enable the ExposeAuthInfo
setting in sshd_config
and reload the daemon. Then sshd
will write the information you are looking for to a temporary file. The path to this file can be found in the SSH_USER_AUTH
environment variable.
More information about such settings can be found using man sshd_config
.
This information isn't available to you by default. But it can be achieved in a couple of different ways.
As unprivileged user
You can make use of some of the features available in the authorized_keys
file format. The feature I think is most useful to you is environment
.
At the beginning of each line of authorized_keys
in front of the key itself you put a string like this:
environment="SSH_KEY=name"
Where you substitute a different value for name
on each line. This will set an environment variable called SSH_KEY
when that particular line of authorized_keys
is used for authentication. The full set of features you can make use of can be found using man sshd
.
As system administrator
Enable the ExposeAuthInfo
setting in sshd_config
and reload the daemon. Then sshd
will write the information you are looking for to a temporary file. The path to this file can be found in the SSH_USER_AUTH
environment variable.
More information about such settings can be found using man sshd_config
.
edited Jan 30 at 13:55
answered Jan 30 at 13:39
kasperdkasperd
2,64111126
2,64111126
add a comment |
add a comment |
/var/log/auth.log will contain en entry like:
Accepted publickey for <userid> from <IP address> port 57762 ssh2: RSA SHA256: <43 random characters>
The "random characters" are the fingerprint of the public key used. You can tell the fingerprints of the keys in your local authorized_keys file using:
ssh-keygen -lf /home/user/.ssh/authorized_keys
which lists the fingerprint of each key together with the key's comment (which is usually an email..)
1
Unfortunately, non-admin users don't have access to that file.
– warvariuc
Dec 18 '17 at 6:28
This answer is just what I needed. I am surprised that I found it on Super User and not Server Fault.
– kasperd
Jan 30 at 13:26
@warvariuc You are right, this does not answer your question. It is still a very useful answer, just not for your particular question. What you are looking for is an environment variable containing the same string that was written to the log. I don't know if such an environment variable exists.
– kasperd
Jan 30 at 13:29
@warvariuc I checked a couple of Ubuntu 18.04 systems. And no such environment variable exists by default. There is however aExposeAuthInfo
setting which is disabled by default, but could be enabled to achieve this. However I just recalled that there is another way to achieve this which doesn't require changes tosshd_config
. I have written an answer detailing both solutions.
– kasperd
Jan 30 at 13:57
add a comment |
/var/log/auth.log will contain en entry like:
Accepted publickey for <userid> from <IP address> port 57762 ssh2: RSA SHA256: <43 random characters>
The "random characters" are the fingerprint of the public key used. You can tell the fingerprints of the keys in your local authorized_keys file using:
ssh-keygen -lf /home/user/.ssh/authorized_keys
which lists the fingerprint of each key together with the key's comment (which is usually an email..)
1
Unfortunately, non-admin users don't have access to that file.
– warvariuc
Dec 18 '17 at 6:28
This answer is just what I needed. I am surprised that I found it on Super User and not Server Fault.
– kasperd
Jan 30 at 13:26
@warvariuc You are right, this does not answer your question. It is still a very useful answer, just not for your particular question. What you are looking for is an environment variable containing the same string that was written to the log. I don't know if such an environment variable exists.
– kasperd
Jan 30 at 13:29
@warvariuc I checked a couple of Ubuntu 18.04 systems. And no such environment variable exists by default. There is however aExposeAuthInfo
setting which is disabled by default, but could be enabled to achieve this. However I just recalled that there is another way to achieve this which doesn't require changes tosshd_config
. I have written an answer detailing both solutions.
– kasperd
Jan 30 at 13:57
add a comment |
/var/log/auth.log will contain en entry like:
Accepted publickey for <userid> from <IP address> port 57762 ssh2: RSA SHA256: <43 random characters>
The "random characters" are the fingerprint of the public key used. You can tell the fingerprints of the keys in your local authorized_keys file using:
ssh-keygen -lf /home/user/.ssh/authorized_keys
which lists the fingerprint of each key together with the key's comment (which is usually an email..)
/var/log/auth.log will contain en entry like:
Accepted publickey for <userid> from <IP address> port 57762 ssh2: RSA SHA256: <43 random characters>
The "random characters" are the fingerprint of the public key used. You can tell the fingerprints of the keys in your local authorized_keys file using:
ssh-keygen -lf /home/user/.ssh/authorized_keys
which lists the fingerprint of each key together with the key's comment (which is usually an email..)
answered Dec 17 '17 at 21:06
xenoidxenoid
3,9573719
3,9573719
1
Unfortunately, non-admin users don't have access to that file.
– warvariuc
Dec 18 '17 at 6:28
This answer is just what I needed. I am surprised that I found it on Super User and not Server Fault.
– kasperd
Jan 30 at 13:26
@warvariuc You are right, this does not answer your question. It is still a very useful answer, just not for your particular question. What you are looking for is an environment variable containing the same string that was written to the log. I don't know if such an environment variable exists.
– kasperd
Jan 30 at 13:29
@warvariuc I checked a couple of Ubuntu 18.04 systems. And no such environment variable exists by default. There is however aExposeAuthInfo
setting which is disabled by default, but could be enabled to achieve this. However I just recalled that there is another way to achieve this which doesn't require changes tosshd_config
. I have written an answer detailing both solutions.
– kasperd
Jan 30 at 13:57
add a comment |
1
Unfortunately, non-admin users don't have access to that file.
– warvariuc
Dec 18 '17 at 6:28
This answer is just what I needed. I am surprised that I found it on Super User and not Server Fault.
– kasperd
Jan 30 at 13:26
@warvariuc You are right, this does not answer your question. It is still a very useful answer, just not for your particular question. What you are looking for is an environment variable containing the same string that was written to the log. I don't know if such an environment variable exists.
– kasperd
Jan 30 at 13:29
@warvariuc I checked a couple of Ubuntu 18.04 systems. And no such environment variable exists by default. There is however aExposeAuthInfo
setting which is disabled by default, but could be enabled to achieve this. However I just recalled that there is another way to achieve this which doesn't require changes tosshd_config
. I have written an answer detailing both solutions.
– kasperd
Jan 30 at 13:57
1
1
Unfortunately, non-admin users don't have access to that file.
– warvariuc
Dec 18 '17 at 6:28
Unfortunately, non-admin users don't have access to that file.
– warvariuc
Dec 18 '17 at 6:28
This answer is just what I needed. I am surprised that I found it on Super User and not Server Fault.
– kasperd
Jan 30 at 13:26
This answer is just what I needed. I am surprised that I found it on Super User and not Server Fault.
– kasperd
Jan 30 at 13:26
@warvariuc You are right, this does not answer your question. It is still a very useful answer, just not for your particular question. What you are looking for is an environment variable containing the same string that was written to the log. I don't know if such an environment variable exists.
– kasperd
Jan 30 at 13:29
@warvariuc You are right, this does not answer your question. It is still a very useful answer, just not for your particular question. What you are looking for is an environment variable containing the same string that was written to the log. I don't know if such an environment variable exists.
– kasperd
Jan 30 at 13:29
@warvariuc I checked a couple of Ubuntu 18.04 systems. And no such environment variable exists by default. There is however a
ExposeAuthInfo
setting which is disabled by default, but could be enabled to achieve this. However I just recalled that there is another way to achieve this which doesn't require changes to sshd_config
. I have written an answer detailing both solutions.– kasperd
Jan 30 at 13:57
@warvariuc I checked a couple of Ubuntu 18.04 systems. And no such environment variable exists by default. There is however a
ExposeAuthInfo
setting which is disabled by default, but could be enabled to achieve this. However I just recalled that there is another way to achieve this which doesn't require changes to sshd_config
. I have written an answer detailing both solutions.– kasperd
Jan 30 at 13:57
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1277942%2fssh-user-public-key-info%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
As the user can't sudo, are they logging in as their OWN user? if so, then why not just look at the user whom started the process? If not, you need to look at the time the shell the user is logged into started, and align that with a login entry in the sshd log.
– djsmiley2k
Dec 17 '17 at 19:49
"I want to find out which SSH user started my script on a server via SSH, i.e. which public key was used for the user to log in." Are you saying that multiple people share a single SSH user account?
– grawity
Dec 17 '17 at 21:44
> Are you saying that multiple people share a single SSH user account? Yes
– warvariuc
Dec 18 '17 at 6:27