About SSH_USER_AUTH

by Devin Yang
(This article was automatically translated.)

Published - 2 years ago ( Updated - 2 years ago )

After OpenSSH 7.6, you can use Add to the configuration file of sshd_config
ExposeAuhtInfo yes parameters, restart sshd, and then log in,
There will be an environment variable $SSH_USER_AUTH
This function will be written into a temporary file in tmp, the file contains the login public key

as shown below:

dlaravel@654c1c7fca4b:~$ env| grep SSH
SSH_USER_AUTH=/tmp/sshauth.vWH6DS7R8VSTwrx
SSH_CONNECTION=192.168.88.244 52377 172.29.0.3 22
SSH_CLIENT=192.168.88.244 52377 22
SSH_TTY=/dev/pts/0

You can cat variables to see

cat $SSH_USER_AUTH
publickey ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKdlWExfqzI8Yo2WxisQIGizaOx9hYKfnstSsyg6T+1

Some people may ask, what can this do, when a bunch of people log in to the same account on the remote host,
For me, From the temporary file, I can know who used which OpenSSH public key to log in to the host. 

dlaravel@7661c008b271:/tmp$ ls -lh sshauth.*
-rw------- 1 dlaravel dlaravel 91 Dec 10 12:16 sshauth.qKAzxWvnbGmaT01
-rw------- 1 dlaravel dlaravel 91 December 10 12:16 sshauth.Qvxh5tjKX6z0ZvW


Schematic diagram, for example, who and whom are the two logins below , you can see it with the temporary file. 

dlaravel@7661c008b271:/tmp$ w
 12:27:49 up 44 days, 3:48, 2 users, load average: 0.11, 0.07, 0.01
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
dlaravel pts/0 192.168.88.244 12:16 1.00s 0.01s 0.00s w
dlaravel pts/2 192.168.88.86 12:27 7.00s 0.00s 0.00s -bash

Tags: ssh security config

Devin Yang

Feel free to ask me, if you don't get it.:)

Follow

No Comment

Post your comment

Login is required to leave comments

Similar Stories


城堡
linux,system,config

Fix the problem that CentOS6.x can no longer be updated

There may still be some old programs in some places, which can only run the old system. But you want to be able to execute and install some desired packages, you may try this method. Please note that if this system is important to you, please evaluate it yourself. It is recommended that you have a Docker environment and have a backup image before trying it.

城堡
security,config

Raspberry Pi fail2ban installation notes

My mainframe basically has remote logs set up, and all of them are sent to the log center on the Synology NAS. Among them, there is a Raspberry Pi that is used as a router, and there will be a bunch of sshd verification attempts to log in. Basically, I only allow public key verification, so I don’t want to use passwords to brute force it, but a bunch of logs of verification failures are really good. Hate.

城堡
config,vim

Chinese environment of Vim on Ubuntu

If Vim is set to Chinese environment, but Ubuntu is not set to zh_TW.UTF-8 during installation, how to install this environment?