Ssh – Is SSH logging capabilities equivalent to su logging for private/public key authentication

authenticationloggingSecuritysshunix

Here at work, we have a non-root shared login account on UNIX that is used to admin a particular application. The policy is to not allow direct logins to the shared account; you must login as yourself and use the "su" command to change over to the shared account. This is for logging/security purposes.

I've started using SSH public/private key authentication with an agent to allow me to enter my password once a day and let the agent forwarding eliminate the password prompts for the rest of the day. It is really nice.

However, some systems are locked down so I really have to use the "su" command to get to the shared account. Arg! Back to entering passwords all the time!

Is there enough info logged with SSH public/private key authentication such that I could have a reasonable chance of requesting a policy change to allow remote logins to a shared account if public/private keys are used?

I had an admin look in /var/log/secure and it just says that a public key was accepted for a user account from a particular IP address. It didn't say who's public key it was, or who's private key did the authentication.

Best Answer

There are many levels of logging available through the sshd_config file. See the man page and look for LogLevel. The default level is INFO but it's trivially easy to bump it up to VERBOSE or even one of the DEBUG# levels.

Additionally, you should explore sudo as an alternative to su. A full discussion of the benefits of sudo would be a question of its own. But I can say that with sudo you can tailor how often you have to enter your password, which commands may be run, etc., all controllable through the sudoers config file.

Related Solutions

Linux – How to: SSH private key authentication on OS X

First of all, the key pair should be generated by you. Your private key is yours, it doesn't belong to anyone else. You should generate the keys and give the public key to the server admin who would install it in the server.

Public key authentication is described in here.

On the other hand, the ssh command you're typing seems ok. What's the error output on your side? And on the server side?

What happens when you telnet that server on port 22?

telnet host 22

EDIT: Edited the answer after the feedback. It seems that the server doesn't have port 22 opened to your ip as the telnet timed out. Probably is closed in the firewall or something similar. Talk to the server admin and show him this debug :)

Git for Windows – How to Tell Git Where to Find Private RSA Key

For Git Bash

If you are running msysgit (I am assuming you are) and are looking to run Git Bash (I recommend it over TortoiseGit, but I lean to the CLI more than GUI now), you need to figure out what your home directory is for Git Bash by starting it then type pwd (On Windows 7, it will be something like C:\Users\phsr I think). While you're in Git Bash, you should mkdir .ssh.

After you have the home directory, and a .ssh folder under that, you want to open PuTTYgen and open the key (.ppk file) you have previously created. Once your key is open, you want to select Conversions -> Export OpenSSH key and save it to HOME\.ssh\id_rsa. After you have the key at that location, Git Bash will recognize the key and use it.

Note: Comments indicate that this doesn't work in all cases. You may need to copy the OpenSSH key to Program Files\Git\.ssh\id_rsa (or Program Files (x86)\Git\.ssh\id_rsa).

For TortoiseGit

When using TortoiseGit, you need to set the SSH key via pacey's directions. You need to do that for every repository you are using TortoiseGit with.