The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to check which user with public key has logged in server via ssh?

Discussion in 'Security' started by penguinbliss, Jul 14, 2014.

  1. penguinbliss

    penguinbliss Member

    Joined:
    Jul 3, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi all, I wanted to secure my host servers completely, all are Centos-cPanel running servers. One of the basic thing is SSH. They are currently enabled with keyauthentication and password authentication is disabled on the other hand. I have few admins working under me for managing my servers, and all of them got root privilege using key based authentication. They got their own public keys and added in all of my servers in the file /root/.ssh/authorized_keys

    Now I am just curious and wanted to know how I can check which user login in with which public key of them. All I can see in the /var/log/secure log is as follows:

    =============
    Jul 14 02:48:05 serverxxx sshd[428512]: Accepted publickey for root from 192.x.x.x port 59445 ssh2
    Jul 14 02:48:17 serverxxx sshd[428512]: Received disconnect from 192.x.x.x: 11: disconnected by user
    =============

    I did not find it that useful. Yes offcourse we get the IP here, but all of my users are using dynamic IPs and different ISPs, so it changes everytime. Is there anyway to check which public key has accessed root via ssh?? :rolleyes:

    I already tried enabling "LogLevel INFO" and "LogLevel VERBOSE" in the sshd_config after checking some public urls, but nothing changes of logging in secure log.
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    I would advise you create unprivileged (normal) user accounts for each admin. Use one key per user account, and then give those account sudo privileges where needed.
     
  3. penguinbliss

    penguinbliss Member

    Joined:
    Jul 3, 2012
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks for the help brother
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page