Page MenuHomePhabricator
Create Task
Maniphest T4842

Log when a user's SSH keys are used and what IP accessed them
Closed, ResolvedPublic
Actions

Description

I find I have a lot of SSH keys on my account, but I'm not really sure where they're all from. Being able to see a list of when they were last used and what IP addresses used them would be good for finding old and unused SSH keys (so I can remove them).

Revisions and Commits

rP Phabricator
D8856rP320be1a1b8d4 Modernize user activity logs (ApplicationSearch, policies)

Related Objects

Event Timeline

hach-que created this task.Apr 21 2014, 2:37 AM
hach-que raised the priority of this task from to Needs Triage.
hach-que updated the task description. (Show Details)
hach-que added projects: Diffusion, Phabricator.
hach-que added a subscriber: hach-que.
epriestley added a subscriber: epriestley.Apr 21 2014, 5:09 PM

We can do this in bin/ssh-auth by adding a --phabricator-ssh-key parameter into the commands we construct. This will then be passed to bin/ssh-exec, which can read it and write log information.

epriestley triaged this task as Normal priority.Apr 24 2014, 2:11 PM
epriestley added a project: Auth.
epriestley edited this Maniphest Task.Apr 24 2014, 7:00 PM
epriestley edited this Maniphest Task.Apr 28 2014, 12:31 AM
epriestley added a project: Security.Aug 22 2014, 8:16 PM
revi added a subscriber: revi.Oct 25 2014, 2:04 PM
chad removed a project: Phabricator.Nov 3 2014, 2:41 AM
epriestley mentioned this in T11951: Make conduit more secure.Dec 5 2016, 6:43 PM
epriestley mentioned this in T13046: Surface repository pull logs in the web UI.Jan 23 2018, 12:00 AM
epriestley closed this task as Resolved.Jan 23 2018, 12:17 AM
epriestley claimed this task.

I believe this has been supported since D11543, in 2015. Specifically, log.ssh.format supports %k, and it appears to work as expected.

Herald added subscribers: cburroughs, andypuettmann, eadler. · View Herald TranscriptJan 23 2018, 12:17 AM
Phabricator · Built by Phacility