|
Home > Archive > Unix Shell > August 2006 > Which public key was used?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Which public key was used?
|
|
| danrumney@warpmail.net 2006-08-19, 7:21 pm |
| Hi all,
I have a server that is used by a number of people.
Each person has their own user id, but there are a number of IDs that
all people can use.
They access the server via SSH using public/private key authentication.
Is there a way to determine, from the shell, which public/private key
was used to authenticate the user?
Thanks,
Dan Rumney
| |
| Stachu 'Dozzie' K. 2006-08-19, 7:21 pm |
| On 19.08.2006, danrumney@warpmail.net <danrumney@warpmail.net> wrote:
> I have a server that is used by a number of people.
>
> Each person has their own user id, but there are a number of IDs that
> all people can use.
>
> They access the server via SSH using public/private key authentication.
>
> Is there a way to determine, from the shell, which public/private key
> was used to authenticate the user?
No, and I doubt that it's possible from any language.
You shouldn't give access to single account to many people.
Impossibility of determination who was doing what is one of reasons.
--
<Kosma> Niektórzy lubi± dozziego...
<Kosma> Oczywi¶cie szanujemy ich.
Stanislaw Klekot
| |
| danrumney@warpmail.net 2006-08-19, 7:21 pm |
| > On 19.08.2006, danrumney@warpmail.net <danrumney@warpmail.net> wrote:
>
> No, and I doubt that it's possible from any language.
> You shouldn't give access to single account to many people.
> Impossibility of determination who was doing what is one of reasons.
I do need to give access to a single account to many people.
I'm creating a mock-up of a pre-existing server which has this
interface (one ID, many people).
I don't need to determine who was doing what, because this user id has
very few permissions.
I can probably work something out by using the person's IP address and
will resort to that if it is, indeed, impossible to determine which key
was used
Dan Rumney
| |
| danrumney@warpmail.net 2006-08-20, 1:21 am |
| OK, the method I was going to use to find out the logged on users's IP
address was to use "who -m" and "host" to determine it. (This is a Red
Hat box)
Unfortunately, this falls over if the user uses ssh to simply submit a
command.
"who -m" in this instance returns nothing.
So, can anyone advise on how to determine the current user's IP
address?
Thanks,
Dan Rumney
| |
| Bill Marcum 2006-08-20, 1:21 am |
| On 19 Aug 2006 18:10:26 -0700, danrumney@warpmail.net
<danrumney@warpmail.net> wrote:
> OK, the method I was going to use to find out the logged on users's IP
> address was to use "who -m" and "host" to determine it. (This is a Red
> Hat box)
>
> Unfortunately, this falls over if the user uses ssh to simply submit a
> command.
> "who -m" in this instance returns nothing.
>
> So, can anyone advise on how to determine the current user's IP
> address?
>
netstat -tnp
--
The clothes have no emperor.
-- C.A.R. Hoare, commenting on ADA.
| |
| danrumney@warpmail.net 2006-08-20, 7:22 pm |
| > netstat -tnp
Thanks,
That lists all the current connections, but this user id doesn't have
root privelige, so the PIDs aren't shown.
Right know, I can't think how I could take that and determine the IP
address that the current user is connecting from.
Any suggestion are welcome... i'm still searching the net and
scratching my head
Dan
| |
| danrumney@warpmail.net 2006-08-21, 1:34 pm |
| c.o.l.security pointed out that $SSH_CLIENT is set with the client's IP
address
Thanks all,
Dan Rumney
|
|
|
|
|