Ssh – Invalidating unused ssh keys

authentication, ssh

I am using one ssh account for all my Subversion users. They send me their public keys and I put them in .ssh/authorized_keys of the svn account, then they can check out the code from Subversion using an ssh tunnel.

So far everything works fine. The problem though is that I want to invalidate keys that have not been used for some time (say one month). Does anyone know a way to make sshd log the public key when a user signs in?

Thanks.

Best Answer

Everything is documented in sshd(8), under the "AUTHORIZED_KEYS FILE FORMAT" section.

In .ssh/authorized_keys2 add something like environment="SSHKEY=1" at the beginning of each line, so it should look like:

environment="SSHKEY=1" ssh-dss AAAAB3N ...
environment="SSHKEY=2" ssh-rsa AAAAB3N ...

Enable the PermitUserEnvironment option in /etc/ssh/sshd_config and restart sshd. Now you can add something like echo $SSHKEY >>.sshlog to ~/.bashrc to log the ssh keys that were used.

But I think a much easier way is to back up the authorized_keys2 file, remove all keys from it, and just wait until people call/email/IM you asking why svn doesn't work. Then you can either restore their key or ask them to resend their keys to you if you are unsure which key belongs to whom. As a side effect you'll know who is really working. :)
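The following is an added example (not part of the answer above) that closes the loop on the SSHKEY tagging approach: it reads the tagged authorized_keys2 entries and the login log, finds tags that have not appeared within the last 30 days, and comments those entries out rather than deleting them. It assumes the ~/.bashrc line logs a date alongside the tag (for instance `echo "$(date +%F) $SSHKEY" >>.sshlog`); the key and log contents below are constructed sample data.

```python
from datetime import date, timedelta

# Constructed sample authorized_keys2, laid out as in the answer (keys truncated).
AUTHORIZED_KEYS = """\
environment="SSHKEY=1" ssh-dss AAAAB3N... alice@example
environment="SSHKEY=2" ssh-rsa AAAAB3N... bob@example
environment="SSHKEY=3" ssh-rsa AAAAB3N... carol@example
"""

# Constructed sample .sshlog; assumed format is "<YYYY-MM-DD> <SSHKEY>" per login.
SSHLOG = """\
2009-05-02 1
2009-05-20 2
2009-06-10 2
"""

TAG_PREFIX = 'environment="SSHKEY='


def parse_authorized_keys(text):
    """Map SSHKEY tag -> full authorized_keys line; untagged lines are skipped."""
    keys = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(TAG_PREFIX):
            tag = line[len(TAG_PREFIX):].split('"', 1)[0]
            keys[tag] = line
    return keys


def last_use(text):
    """Map SSHKEY tag -> most recent login date recorded in the log."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # ignore malformed lines rather than fail the whole run
        when, tag = date.fromisoformat(parts[0]), parts[1]
        if tag not in seen or when > seen[tag]:
            seen[tag] = when
    return seen


def stale_keys(keys, usage, today, max_age_days=30):
    """Tags never seen, or last seen before today - max_age_days."""
    cutoff = today - timedelta(days=max_age_days)
    return sorted(t for t in keys if t not in usage or usage[t] < cutoff)


def disable_stale(text, stale):
    """Return authorized_keys text with stale entries commented out, not removed."""
    out = []
    for line in text.splitlines():
        tag = line[len(TAG_PREFIX):].split('"', 1)[0] if line.startswith(TAG_PREFIX) else None
        out.append("# " + line if tag in stale else line)
    return "\n".join(out) + "\n"
```

Commenting out keeps a record of which key belonged to which tag, so a user who turns up later can be restored by removing the "# " prefix.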