Created
August 2, 2018 23:18
Portable quick review of the /var/log/authlog file, particularly for when users are logging in with SSH keys
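#!/usr/bin/bash
# Print the fingerprint of every key in .ssh/authorized_keys, then the auth-log
# lines that record key-based logins and su use, so the two can be matched.
#
# Requires sshd logging at verbose level (LogLevel VERBOSE in sshd_config).
# The key file path is relative, so run this from the account's home directory.
# Recommended usage:
#   ./fp && egrep 'Accepted publickey|Found matching' /var/log/authlog

keys_file=".ssh/authorized_keys"
auth_log="/var/log/authlog"

# Scratch files live in a private directory made by mktemp. Fixed names built
# from EUID, PID and the key comment directly under /tmp are predictable, so
# another local user could pre-create or symlink them before they are written.
workdir=$(mktemp -d "${TMPDIR:-/tmp}/ssh.key.fingerprint.XXXXXX") || {
  printf 'cannot create a temporary directory\n' >&2
  exit 1
}
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT

if [[ -r "$keys_file" ]]; then
  # read -r keeps backslashes literal; the "|| [[ -n ... ]]" part handles a
  # last line that has no trailing newline.
  while read -r line || [[ -n "$line" ]]; do
    # Skip blank lines and comment lines.
    if [[ -n "$line" && "$line" != '#'* ]]; then
      # Third space-separated field: the key comment on a plain
      # "type base64 comment" line (lines with an options prefix differ).
      tag=$(printf '%s' "$line" | cut -f3 -d' ')
      # The comment comes from file content; keep only characters that are
      # safe in a single file name.
      safe_tag=${tag//[^A-Za-z0-9._@-]/_}
      key_tmp="$workdir/ssh.key.fingerprint.${safe_tag:-key}"
      printf '%s\n' "$line" > "$key_tmp"
      ssh-keygen -l -f "$key_tmp"
    fi
  done < "$keys_file"
else
  printf 'cannot read %s (run from the home directory)\n' "$keys_file" >&2
fi

echo "--------------------------------------------------------------------------------"
# grep -E replaces the deprecated egrep; the pattern is unchanged.
grep -E "Accepted publickey|Found matching|'su " "$auth_log"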