Scott Rohling wrote:
Auditors like to think they know who did things. If I connect to your
system using ssh, how do you know it's me? All you know is that someone
connected using a public key you've approved.


That 'someone' who connected has the private key that pairs with the public
key...  that's supposed to be the indicator that it is you.

01:20:21 r...@mail.office.lan ~ # wc -l .ssh/authorized_keys*
   9 .ssh/authorized_keys
   9 .ssh/authorized_keys2
  18 total
01:20:33 r...@mail.office.lan ~ #

I don't recall that anything logs who's logged in as root. Here's what
my system logged just now:


Jan 23 01:20:19 mail sshd[3619]: Accepted publickey for root from 192.168.9.131 port 41855 ssh2
Jan 23 01:20:20 mail sshd[3625]: (pam_unix) session opened for user root by root(uid=0)



--

Cheers
John

-- spambait
1aaaa...@coco.merseine.nu  z1aaaa...@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)
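
The attribution gap shown in the log above, as an added example that is not part of the original message: with several keys approved for root, a login can only be tied to one key if the log line names it. The sketch assumes an sshd that appends the key's SHA256 fingerprint to the "Accepted publickey" line, as newer OpenSSH releases do; the function names, key blobs, comments and the second log line are constructed for illustration.

```python
import base64
import hashlib
import re

KEY_RE = re.compile(r"(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)\s+([A-Za-z0-9+/=]+)(?:\s+(.*))?")
LOG_RE = re.compile(
    r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2(?:: \S+ (SHA256:\S+))?")


def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def index_keys(authorized_keys_text):
    """Map fingerprint -> key comment; leading options on a line are skipped."""
    owners = {}
    for line in authorized_keys_text.splitlines():
        m = KEY_RE.search(line.strip())
        if m and not line.lstrip().startswith("#"):
            owners[fingerprint(m.group(2))] = m.group(3) or "(no comment)"
    return owners


def attribute(log_text, owners):
    """Return (user, source, owner) per accepted login."""
    results = []
    for m in LOG_RE.finditer(log_text):
        user, src, fp = m.groups()
        # No fingerprint in the log line means the keys cannot be told apart.
        owner = owners.get(fp, "UNKNOWN KEY") if fp else None
        results.append((user, src, owner))
    return results


# Constructed sample data: the blobs are placeholder bytes, not real keys.
BLOB_A = base64.b64encode(b"constructed-blob-alice").decode()
BLOB_B = base64.b64encode(b"constructed-blob-bob").decode()
SAMPLE_KEYS = f'ssh-rsa {BLOB_A} alice@laptop\nfrom="192.168.9.*" ssh-ed25519 {BLOB_B} bob@desk\n'
SAMPLE_LOG = (
    "Jan 23 01:20:19 mail sshd[3619]: Accepted publickey for root from 192.168.9.131 port 41855 ssh2\n"
    f"Jan 23 01:25:02 mail sshd[3702]: Accepted publickey for root from 192.168.9.131 port 41901 ssh2: ED25519 {fingerprint(BLOB_B)}\n"
)

if __name__ == "__main__":
    for row in attribute(SAMPLE_LOG, index_keys(SAMPLE_KEYS)):
        print(row)
```

The first sample line is the one from the message and comes back with no owner; the match is only as trustworthy as the comments in authorized_keys, which are free text.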
