About SSH_USER_AUTH

by Devin Yang
(This article was automatically translated.)

Published - 1 year ago ( Updated - 1 year ago )

After OpenSSH 7.6, you can use Add to the configuration file of sshd_config
ExposeAuhtInfo yes parameters, restart sshd, and then log in,
There will be an environment variable $SSH_USER_AUTH
This function will be written into a temporary file in tmp, the file contains the login public key

as shown below:

dlaravel@654c1c7fca4b:~$ env| grep SSH
SSH_USER_AUTH=/tmp/sshauth.vWH6DS7R8VSTwrx
SSH_CONNECTION=192.168.88.244 52377 172.29.0.3 22
SSH_CLIENT=192.168.88.244 52377 22
SSH_TTY=/dev/pts/0

You can cat variables to see

cat $SSH_USER_AUTH
publickey ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKdlWExfqzI8Yo2WxisQIGizaOx9hYKfnstSsyg6T+1

Some people may ask, what can this do, when a bunch of people log in to the same account on the remote host,
For me, From the temporary file, I can know who used which OpenSSH public key to log in to the host. 

dlaravel@7661c008b271:/tmp$ ls -lh sshauth.*
-rw------- 1 dlaravel dlaravel 91 Dec 10 12:16 sshauth.qKAzxWvnbGmaT01
-rw------- 1 dlaravel dlaravel 91 December 10 12:16 sshauth.Qvxh5tjKX6z0ZvW


Schematic diagram, for example, who and whom are the two logins below , you can see it with the temporary file. 

dlaravel@7661c008b271:/tmp$ w
 12:27:49 up 44 days, 3:48, 2 users, load average: 0.11, 0.07, 0.01
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
dlaravel pts/0 192.168.88.244 12:16 1.00s 0.01s 0.00s w
dlaravel pts/2 192.168.88.86 12:27 7.00s 0.00s 0.00s -bash

Tags: ssh security config

Devin Yang

Feel free to ask me, if you don't get it.:)

Follow

No Comment

Post your comment

Login is required to leave comments

Similar Stories


城堡
linux,config

Ubuntu ppp0 renamed eth0

Not sure who will use it, but I encountered it myself, because my home is a floating IP. A software I installed cannot detect that the ppp0 network card is an external network, so changing the name can trick him into successfully installing it.

城堡
config,ssl,certbot

Apache and Nginx's ACME authentication pass kill

Some people may be curious about what to do with this. Let me briefly explain my situation. The super old host cannot install HAProxy or certbo without Docker, only apache and nginx. But I need to automatically apply for and update the certificate on the host, so I let the host mount the folder on another host that can run the certbot program through NFS, so that the verification file generated by him can be directly generated on the old host /home In the /nginx/acme-challenge/.well-known/acme-challenge/ directory, the web page can be successfully verified and the certificate can be obtained. When there are a bunch of vhosts, you can all eat the same folder, instead of creating a directory for each vhost website.

城堡
docker, goaccess, config

phpenv actual combat GoAccess is real website analysis (docker version)

Before I start, let me say that GoAccess can also generate static data as long as you have a log, because I think the real-time feeling is more dazzling, so this article will focus on the part of GoAccess real-time display. Although Google Analytics (GA) is very useful, it is also very good to try another GA. For example, you want to know which browsers website users use to visit the website.