Several developers using a shared account on a test server, using public key authentication.
Is there any way to find out which key was used for authentication (e.g. the keys comment)?
Linux – How to find out which key was used for public key authentication
authenticationlinuxpublic-keyssh
Related Topic
- Linux – Speed up public key authentication (linux)
- Git for Windows – How to Tell Git Where to Find Private RSA Key
- SSH Public Key – Multiple Public Keys for One User
- OpenSSH – Logging Public Key Used in Authentication
- Linux – How to make ssh connection between servers using public-key authentication
- Ssh – use Public-Key Authentication for SSH
- Windows – Public Key Authentication Not Working on Windows 10 Professional
Best Answer
Are you wanting to find this out after something that has already happened (forensics) or are you wanting to make it so that you can log who does what?
For forensics: On my Fedora system,
/var/log/securecontains records of each public key authentication and username, but doesn't say which key was used. You're probably out of luck hereFor future auditability: You can use the
authorized_keysfile to set the commands each login is restricted to, and then run a program that logs the authentication (and possibly subsequent commands, using something like sudoscript):It must be said though, it probably makes more sense to set up multiple accounts, and then set up a shared access area...