How to check which user with public key has logged in server via ssh?
Hi all, I wanted to secure my host servers completely, all are Centos-cPanel running servers. One of the basic thing is SSH. They are currently enabled with keyauthentication and password authentication is disabled on the other hand. I have few admins working under me for managing my servers, and all of them got root privilege using key based authentication. They got their own public keys and added in all of my servers in the file /root/.ssh/authorized_keys
Now I am just curious and wanted to know how I can check which user login in with which public key of them. All I can see in the /var/log/secure log is as follows:
=============
Jul 14 02:48:05 serverxxx sshd[428512]: Accepted publickey for root from 192.x.x.x port 59445 ssh2
Jul 14 02:48:17 serverxxx sshd[428512]: Received disconnect from 192.x.x.x: 11: disconnected by user
=============
I did not find it that useful. Yes offcourse we get the IP here, but all of my users are using dynamic IPs and different ISPs, so it changes everytime. Is there anyway to check which public key has accessed root via ssh?? :rolleyes:
I already tried enabling "LogLevel INFO" and "LogLevel VERBOSE" in the sshd_config after checking some public urls, but nothing changes of logging in secure log.
-
I would advise you create unprivileged (normal) user accounts for each admin. Use one key per user account, and then give those account sudo privileges where needed. 0 -
[quote="quizknows, post: 1685511">I would advise you create unprivileged (normal) user accounts for each admin. Use one key per user account, and then give those account sudo privileges where needed.
Thanks for the help brother0 -
I am happy to see the advice you received was helpful. I am marking this thread as [Resolved]. Thank you. 0
Please sign in to leave a comment.
Comments
3 comments