How to check which user with public key has logged in server via ssh?

penguinbliss

Member
Jul 3, 2012
9
0
1
cPanel Access Level
Root Administrator
Hi all, I wanted to secure my host servers completely, all are Centos-cPanel running servers. One of the basic thing is SSH. They are currently enabled with keyauthentication and password authentication is disabled on the other hand. I have few admins working under me for managing my servers, and all of them got root privilege using key based authentication. They got their own public keys and added in all of my servers in the file /root/.ssh/authorized_keys

Now I am just curious and wanted to know how I can check which user login in with which public key of them. All I can see in the /var/log/secure log is as follows:

=============
Jul 14 02:48:05 serverxxx sshd[428512]: Accepted publickey for root from 192.x.x.x port 59445 ssh2
Jul 14 02:48:17 serverxxx sshd[428512]: Received disconnect from 192.x.x.x: 11: disconnected by user
=============

I did not find it that useful. Yes offcourse we get the IP here, but all of my users are using dynamic IPs and different ISPs, so it changes everytime. Is there anyway to check which public key has accessed root via ssh?? :rolleyes:

I already tried enabling "LogLevel INFO" and "LogLevel VERBOSE" in the sshd_config after checking some public urls, but nothing changes of logging in secure log.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
I would advise you create unprivileged (normal) user accounts for each admin. Use one key per user account, and then give those account sudo privileges where needed.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,256
463
I am happy to see the advice you received was helpful. I am marking this thread as [Resolved].

Thank you.