- 07-14-2014 #1
- Join Date
- Nov 2013
How to check which user with public key has logged in server via ssh?
Now I am just curious and want to know how I can check which user logged in with which of their public keys. All I can see in the /var/log/secure log is as follows:
Jul 14 02:48:05 serverxxx sshd: Accepted publickey for root from 192.x.x.x port 59445 ssh2
Jul 14 02:48:17 serverxxx sshd: Received disconnect from 192.x.x.x: 11: disconnected by user
I did not find it that useful. Yes, of course we get the IP here, but all of my users are using dynamic IPs and different ISPs, so it changes every time. Is there any way to check which public key has accessed root via ssh?
I already tried enabling "LogLevel INFO" and "LogLevel VERBOSE" in the sshd_config after checking some public URLs, but nothing changes in the logging in the secure log.
- 07-14-2014 #2
LogLevel VERBOSE requires an sshd restart.
And it does work, I just verified that on a Debian wheezy.
However, I would suggest to deny remote root login altogether and instead have a personalized account for each user.
This has advantages:
- each user can have his/her own environment (favourite editor, shell, etc)
- each admin user can escalate via sudo config
- you need three tokens instead of two to gain root, which increases security: keypair and passphrase vs keypair, passphrase and user password
Local root login should still work, in case user logins are unavailable for whatever reason or if there is need to boot into init 1.
And while admin logins are necessary for quick intervention, we have the rule to not change anything interactively via a shell.
All modifications must be done via puppet, revisioned by git and peer reviewed.
This way, all machines stay fully controlled and maintainable.
aka: There will be no "unique snowflakes", which nobody understands anymore because of <unknown number> of modifications.
You must always face the curtain with a bow.
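With LogLevel VERBOSE active, sshd logs the fingerprint of the key that authenticated. The following is an added example, not part of any post in this thread, that matches those fingerprints against the comment fields in an authorized_keys file. The two log-line formats it handles (which depend on the OpenSSH version) and all sample keys, addresses and log lines are assumptions constructed for illustration.

```python
import base64, hashlib, re

FP = re.compile(r"((?:[0-9a-f]{2}:){15}[0-9a-f]{2}|SHA256:[A-Za-z0-9+/]{43})")
ACCEPT = re.compile(r"sshd\[(\d+)\]: Accepted publickey for (\S+) from (\S+)")
FOUND = re.compile(r"sshd\[(\d+)\]: Found matching \S+ key: ")

def fingerprints(blob_b64):
    """Both fingerprint forms of one base64 key blob: MD5 colon-hex and SHA256."""
    blob = base64.b64decode(blob_b64)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def index_authorized_keys(text):
    """Map each fingerprint to the key's comment field (the owner label)."""
    index = {}
    for line in text.splitlines():
        fields = [] if line.lstrip().startswith("#") else line.split()
        # The key type may follow an options field; options with spaces are not handled.
        for i, field in enumerate(fields[:-1]):
            if field.startswith(("ssh-", "ecdsa-")):
                owner = " ".join(fields[i + 2:]) or "(no comment)"
                index.update(dict.fromkeys(fingerprints(fields[i + 1]), owner))
                break
    return index

def attribute_logins(log_text, index):
    """Return (user, source, key owner) for every accepted public-key login."""
    pending, logins = {}, []  # pending: sshd pid -> fingerprint from a "Found matching" line
    for line in log_text.splitlines():
        fp, found, accept = FP.search(line), FOUND.search(line), ACCEPT.search(line)
        if found and fp:
            pending[found.group(1)] = fp.group(1)
        elif accept:
            pid, user, source = accept.groups()
            key = fp.group(1) if fp else pending.pop(pid, None)
            logins.append((user, source, index.get(key, "unknown key")))
    return logins

# Constructed sample data: fake key blobs and log lines, not real keys or hosts.
ALICE = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed-alice").decode()
BOB = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed-bob").decode()
AUTHORIZED_KEYS = f'ssh-rsa {ALICE} alice@laptop\nfrom="*" ssh-rsa {BOB} bob@desktop\n'
SAMPLE_LOG = (
    f"Jul 14 02:48:05 serverxxx sshd[4101]: Found matching RSA key: {fingerprints(ALICE)[0]}\n"
    "Jul 14 02:48:05 serverxxx sshd[4101]: Accepted publickey for root from 192.0.2.10 port 59445 ssh2\n"
    f"Jul 14 03:10:41 serverxxx sshd[4188]: Accepted publickey for root from 192.0.2.77 port 40112 ssh2: RSA {fingerprints(BOB)[1]}\n"
    "Jul 14 03:30:00 serverxxx sshd[4200]: Accepted publickey for root from 192.0.2.99 port 50000 ssh2\n"
)
```

The attribution is only as good as the comment fields: each key in authorized_keys needs a unique, accurate comment, and a login reported as "unknown key" means the fingerprint was not logged or the key is not in the file that was indexed.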
- 07-14-2014 #3
- Join Date
- Nov 2013