SSH Fingerprintlogging

Why logging fingerprints?

It is just for the possibility of setting the Bash HISTFILE per logged in user.

Add magic to your .bashrc

• ~/.bashrc

...
FINGERPRINT=$([ -z "${SSH_CLIENT}" ] || { ssh_client_array=( ${SSH_CLIENT} ); [ -z "${SSH_CLIENT}" ] || journalctl --lines=100 --grep "Accepted publickey for .* ${ssh_client_array[0]} port ${ssh_client_array[1]} ssh2:" --no-pager --quiet --unit=ssh.service | awk 'END{print $NF}' ; })
export HISTFILE=~/.bash_history_${FINGERPRINT:-${SUDO_USER:-default}}
...

This greps the last line matching the current ssh client IP and port from ssh.service journal and sets the last field (what is the hash/fingerprint of the accepted public key) as FINGERPRINT. Then it sets the HISTFILE to whatever is set: $FINGERPRINT, $SUDO_USER or "-default".