Here at work, we have a non-root shared login account on UNIX that is used to admin a particular application. The policy is to not allow direct logins to the shared account; you must log in as yourself and use the "su" command to change over to the shared account. This is for logging/security purposes.
I've started using SSH public/private key authentication with an agent to allow me to enter my password once a day and let the agent forwarding eliminate the password prompts for the rest of the day. It is really nice.
However, some systems are locked down so I really have to use the "su" command to get to the shared account. Arg! Back to entering passwords all the time!
Is there enough info logged with SSH public/private key authentication such that I could have a reasonable chance of requesting a policy change to allow remote logins to a shared account if public/private keys are used?
I had an admin look in /var/log/secure and it just says that a public key was accepted for a user account from a particular IP address. It didn't say whose public key it was, or whose private key did the authentication.
Best Answer
There are many levels of logging available through the sshd_config file. See the man page and look for LogLevel. The default level is INFO but it's trivially easy to bump it up to VERBOSE or even one of the DEBUG# levels.
Additionally, you should explore sudo as an alternative to su. A full discussion of the benefits of sudo would be a question of its own. But I can say that with sudo you can tailor how often you have to enter your password, which commands may be run, etc., all controllable through the sudoers config file.
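An added example, not part of the original answer: once sshd logs the fingerprint of the key it accepted, each login to the shared account can be attributed to a person by matching that fingerprint against the entries in the account's authorized_keys file. It assumes the "Accepted publickey ... ssh2: TYPE SHA256:..." line format written by recent OpenSSH releases; the account name appadmin, the addresses, the key comments and the key blobs are constructed sample data.

```python
import base64
import hashlib
import re

# Key type, base64 blob, optional comment; leading options (from="...") are skipped.
KEY_RE = re.compile(r"\b((?:ssh|ecdsa|sk)-\S+)\s+([A-Za-z0-9+/=]+)(?:\s+(.*))?$")
LOG_RE = re.compile(
    r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (SHA256:\S+)")

def fingerprint(blob_b64):
    """SHA256 fingerprint as sshd prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_owners(authorized_keys_text):
    """Map fingerprint -> comment field of each authorized_keys entry."""
    owners = {}
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        m = None if line.startswith("#") else KEY_RE.search(line)
        if m:
            owners[fingerprint(m.group(2))] = m.group(3) or "(no comment)"
    return owners

def attribute(log_text, owners):
    """Return (account, source_ip, key_owner_or_None) per accepted login."""
    return [(m.group(1), m.group(2), owners.get(m.group(3)))
            for m in LOG_RE.finditer(log_text)]

# Constructed sample data: the blobs are placeholder bytes, not real keys.
ALICE = base64.b64encode(b"constructed-blob-alice").decode()
BOB = base64.b64encode(b"constructed-blob-bob").decode()
SAMPLE_KEYS = f"""# authorized_keys of the shared account
ssh-ed25519 {ALICE} alice@example.com
from="192.0.2.0/24" ssh-ed25519 {BOB} bob@example.com
"""
SAMPLE_LOG = f"""Jan 10 09:00:01 host sshd[101]: Accepted publickey for appadmin from 192.0.2.10 port 50001 ssh2: ED25519 {fingerprint(ALICE)}
Jan 10 09:05:42 host sshd[102]: Accepted publickey for appadmin from 192.0.2.11 port 50002 ssh2: ED25519 {fingerprint(BOB)}
Jan 10 09:07:13 host sshd[103]: Accepted publickey for appadmin from 192.0.2.99 port 50003 ssh2: ED25519 SHA256:{'A' * 43}
"""

if __name__ == "__main__":
    # A login whose fingerprint is not in authorized_keys is flagged for review.
    for account, ip, owner in attribute(SAMPLE_LOG, load_owners(SAMPLE_KEYS)):
        print(account, ip, owner or "UNKNOWN KEY")
```

The comment field is free text that anyone able to edit authorized_keys can change, so the attribution is only as trustworthy as the controls on that file.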