Page MenuHomePhabricator

Log when a user's SSH keys are used and what IP accessed them
Closed, ResolvedPublic

Description

I find I have a lot of SSH keys on my account, but I'm not really sure where they're all from. Being able to see a list of when they were last used and what IP addresses used them would be good for finding old and unused SSH keys (so I can remove them).

Event Timeline

hach-que raised the priority of this task from to Needs Triage.
hach-que updated the task description. (Show Details)
hach-que added projects: Diffusion, Phabricator.
hach-que added a subscriber: hach-que.

We can do this in bin/ssh-auth by adding a --phabricator-ssh-key parameter into the commands we construct. This will then be passed to bin/ssh-exec, which can read it and write log information.

epriestley triaged this task as Normal priority.Apr 24 2014, 2:11 PM
epriestley added a project: Auth.
epriestley claimed this task.

I believe this has been supported since D11543, in 2015. Specifically, log.ssh.format supports %k, and it appears to work as expected.