14

Let's say I want to track my root users. Each of them has a unique private key and their public keys have been stored in /root/.ssh/authorized_keys.

Given that each user logs in with their unique key how can I tell from within a BASH session which key was used to authenticate? I've tried looking at the environment variables when I log in but cannot see anything that correlates my session with my public key.

PP.
  • Slightly related: setting LogLevel VERBOSE in your (openssh) sshd_config will log the fingerprint of the key used to login. – andol Apr 06 '14 at 15:02

1 Answer

21

You could add the username to the public key in ~/.ssh/authorized_keys on the server and export it as an environment value:

```
environment="REALUSER=realusername" ssh-dss AAA...
```

That will set the environment variable `REALUSER`, which will then be available to use in bash. This will only work if `PermitUserEnvironment` is set to true in `sshd_config`.

kasperd
Jenny D
  • Whoah.. really? Cool! You mean in `~/.ssh/authorized_keys`? I never knew about this. – PP. Sep 20 '13 at 10:17
  • Yep, that's it. You can do a whole lot of interesting things there - `man ssh` will tell you more under the heading `AUTHORIZED_KEYS FILE FORMAT`. – Jenny D Sep 20 '13 at 10:19
  • It might depend on the version, but I had to use `man sshd` to find the `AUTHORIZED_KEYS FILE FORMAT` section. – Matthew Crumley Sep 20 '13 at 15:06
  • Be aware that enabling `PermitUserEnvironment` has some security implications. Read `man sshd`. – Florin Andrei Nov 15 '14 at 01:22
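An added example, not part of the thread above: a log-side way to attribute root logins that needs no `PermitUserEnvironment`, combining the fingerprint logging from andol's comment with the `environment="REALUSER=..."` labels from the answer. It assumes sshd logs `Accepted publickey ... ssh2: <type> SHA256:<fingerprint>`; the function names, keys and log lines are constructed for the demo.

```python
import base64, hashlib, re, shlex

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")
ACCEPTED = re.compile(r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (SHA256:\S+)")

def fingerprint(b64_blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Map fingerprint -> REALUSER from environment=, falling back to the key comment."""
    owners = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        try:
            tokens = shlex.split(line)  # keeps quoted option values in one token
            if not tokens[0].startswith(KEY_PREFIXES):
                tokens = tokens[1:]     # drop the leading options field
            fp = fingerprint(tokens[1])
        except (ValueError, IndexError):
            continue                    # blank line, unbalanced quotes, bad base64
        named = re.search(r'environment="REALUSER=([^"]*)"', line)
        owners[fp] = named.group(1) if named else (" ".join(tokens[2:]) or None)
    return owners

def attribute_logins(auth_text, log_lines):
    """Return (account, source address, key owner or None) per accepted login."""
    owners = parse_authorized_keys(auth_text)
    matches = (ACCEPTED.search(entry) for entry in log_lines)
    return [(m[1], m[2], owners.get(m[3])) for m in matches if m]

def sample_key(seed):
    """Constructed ed25519-shaped blob for the demo; not a real key."""
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

K1, K2 = sample_key(1), sample_key(2)
SAMPLE_KEYS = (f'environment="REALUSER=alice" ssh-ed25519 {K1} alice@laptop\n'
               f'ssh-ed25519 {K2} bob@desktop\n')
SAMPLE_LOG = [  # constructed log lines
    f"sshd[1001]: Accepted publickey for root from 192.0.2.10 port 50022 ssh2: ED25519 {fingerprint(K1)}",
    f"sshd[1002]: Accepted publickey for root from 192.0.2.20 port 50023 ssh2: ED25519 {fingerprint(K2)}",
    "sshd[1003]: Accepted publickey for root from 192.0.2.30 port 50024 ssh2: ED25519 SHA256:notInAuthorizedKeys",
]

print(attribute_logins(SAMPLE_KEYS, SAMPLE_LOG))
```

A login whose owner comes back as `None` used a key that is not in the file being audited, which is worth a closer look.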