SSH FingerprintLogging

From Lolly's Wiki
Revision as of 06:36, 16 January 2025 by Lollypop (talk | contribs) (→‎Add magic to your .bashrc)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

SSH Fingerprintlogging

Why logging fingerprints?

It is just for the possibility of setting the Bash HISTFILE per logged in user.

Add magic to your .bashrc

  • ~/.bashrc
...
FINGERPRINT=$([ -z "${SSH_CLIENT}" ] || { ssh_client_array=( ${SSH_CLIENT} ); [ -z "${SSH_CLIENT}" ] || journalctl --lines=100 --grep "Accepted publickey for .* ${ssh_client_array[0]} port ${ssh_client_array[1]} ssh2:" --no-pager --quiet --unit=ssh.service | awk 'END{print $NF}' ; })
export HISTFILE=~/.bash_history_${FINGERPRINT:-${SUDO_USER:-default}}
...

This greps the last line matching the current ssh client IP and port from ssh.service journal and sets the last field (what is the hash/fingerprint of the accepted public key) as FINGERPRINT. Then it sets the HISTFILE to whatever is set: $FINGERPRINT, $SUDO_USER or "-default".

Retrieved from "https://lars.timmann.de/wiki/index.php?title=SSH_FingerprintLogging&oldid=2808"