Reputation: 166
I want to do something after a user has logged in over SSH, and it differs depending on whether the login was by public key or by password. PAM won't be involved in my case.
One way is for the program to check the SSH auth information in /var/log/messages or /var/log/auth.log. But usually those files are unreadable to normal users. Maybe I can chmod o+r, but that sounds insecure.
I also checked some SSH-related environment variables like 'SSH_CONNECTION', but none of them is of use.
Is there a good way to do this? Thanks for the help :)
Upvotes: 0
Views: 1430
Reputation: 2315
Your only way right now is to change the LogLevel in /etc/ssh/sshd_config and parse your syslog output logs to find out what auth method was used.
LogLevel DEBUG has the needed info for sure, but you can probably also find it at the VERBOSE level ... test it
Upvotes: 1
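An added example (not part of the answer above) of the log-parsing approach it describes: it ties the current session's `SSH_CONNECTION` value to the matching sshd success line and returns the method. It assumes the `Accepted <method> for <user> from <ip> port <port>` line format that OpenSSH's sshd writes on a successful login, and that it runs in a helper allowed to read the auth log; `auth_method` and `SAMPLE_LOG` are hypothetical names.

```python
import re

# Success record as written by sshd, e.g.
# "sshd[2190]: Accepted publickey for bob from 198.51.100.7 port 40030 ssh2: ..."
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

def auth_method(log_lines, ssh_connection, user):
    """Return the auth method logged for this session, or None if not found.

    ssh_connection is the value of $SSH_CONNECTION:
    "<client ip> <client port> <server ip> <server port>".
    """
    client_ip, client_port = ssh_connection.split()[:2]
    method = None
    for line in log_lines:
        # Match only at the first "sshd[" tag, so text echoed later in a
        # message (such as a user-supplied name) is never read as a record.
        tag = line.find("sshd[")
        if tag < 0:
            continue
        m = ACCEPTED.match(line, tag)
        if m and (m["ip"], m["port"], m["user"]) == (client_ip, client_port, user):
            method = m["method"]  # keep the newest match: client ports get reused
    return method

# Constructed sample lines, not taken from a real host.
SAMPLE_LOG = [
    "Mar  3 10:15:01 host1 sshd[2101]: Accepted password for alice "
    "from 192.0.2.10 port 51234 ssh2",
    "Mar  3 10:20:44 host1 sshd[2188]: Failed password for bob "
    "from 198.51.100.7 port 40022 ssh2",
    "Mar  3 10:21:09 host1 sshd[2190]: Accepted publickey for bob "
    "from 198.51.100.7 port 40030 ssh2: ED25519 SHA256:CONSTRUCTED",
    # A failure line whose text merely contains a success-looking string.
    "Mar  3 10:22:30 host1 sshd[2195]: Invalid user sshd[1]: Accepted password "
    "for bob from 198.51.100.7 port 40030 ssh2 from 203.0.113.5 port 50000",
]

if __name__ == "__main__":
    # In a real session the second argument would be os.environ["SSH_CONNECTION"].
    print(auth_method(SAMPLE_LOG, "198.51.100.7 40030 203.0.113.1 22", "bob"))
```

Running this from a small privileged helper keeps the auth log unreadable to ordinary users, which avoids the `chmod o+r` concern raised in the question.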
Reputation: 61389
You can't do so outside of sshd itself, and inside it the only way I know of is by using authorized_keys to match specific keys and perform specific commands.
Upvotes: 1