我可以在Linux系统上审核用户的活动,当用户登录,使用SSH身份共享用户?
[英]Can I audit user activity on a linux system when users login as a shared user using an ssh identity?
问题描述
Let's say I have a user "appuser" on a linux system with a number of public keys set up in their authorized_keys file where several different people can log in as "appuser". 
假设我在Linux系统上有一个用户“ appuser”,并在他们的authored_keys文件中设置了许多公钥,几个不同的人可以以“ appuser”身份登录。
When I log in using my private key that is linked to my public key, is what I do as the "appuser" traceable back to me? 当我使用链接到公钥的私钥登录时,作为“ appuser”可以追溯到我做什么? (I want it to be). (我希望是)。 If the activity is not traceable back to the identity of the user that logged in as app user, is there a way to make it traceable back to that identity? 如果活动不可追溯到以应用程序用户身份登录的用户的身份,是否有办法使其可追溯到该身份?
1 个解决方案
解决方案1
0 2012-08-28 18:01:36
The authorized_keys file allows for some options, including 'command' which will call a program or script you can write. authorized_keys文件允许使用某些选项,包括“命令”,该命令将调用您可以编写的程序或脚本。 I haven't tried this, but you might be able to perform whatever actions you need to in the script and then exec bash (or your shell of choice). 我没有尝试过,但是您可以执行脚本中需要执行的任何操作,然后执行bash(或您选择的shell)。
Another way you can match logins with keys is to turn LogLevel in sshd_config to VERBOSE and grep /var/log/secure (or whatever AUTHPRIV messages are going to) for 'Found matching .* key'. 您可以使用键来匹配登录名的另一种方法是将sshd_config中的LogLevel转换为VERBOSE,然后将grep / var / log / secure(或任何AUTHPRIV消息发送给)以用于“找到匹配的。*键”。 You can run the key found in the 'Found matching' line through 'ssh-keygen -l -f' which will dump the matching entry in authorized_keys. 您可以通过“ ssh-keygen -l -f”运行在“找到的匹配项”行中找到的密钥,这会将匹配项转储到authorized_keys中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.