
any way to display source computer from cert

 
Michael Murphy_2
Frequent Advisor


I have ssh set up on one of our Unix boxes - wanted to know if there was a utility to display the remote system name that is attached to a public key? Thanks
Steven E. Protter
Exalted Contributor

Re: any way to display source computer from cert

Shalom,

An echo statement in the .profile, or have a script do a lookup. You will need to execute the script from ssh.

echo $SSH_CONNECTION

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: any way to display source computer from cert

Or $SSH_CLIENT

Don't point both posts.

Silly mistake on my part.

SEP
Mel Burslan
Honored Contributor

Re: any way to display source computer from cert

If I am understanding you correctly, you want to look into a public key (probably in the .ssh/authorized_keys file) and be able to tell which server this key allows you to log in from? If this is right, there is no certain way to do that, as the private part of the same key can be spread across many servers, allowing the user of this private key to come to your server and authenticate successfully. Usually these keys in the authorized_keys file are appended with a "user@host" string, but it means nothing more than where the key pair got generated, and changing this string will not affect the functionality of the key pair. So, it is an information-only field which cannot be trusted.
________________________________
UNIX because I majored in cryptology...
Michael Murphy_2
Frequent Advisor

Re: any way to display source computer from cert

Mel - exactly my question - however, many of my keys do not have machine info appended.

Steven - not sure about your reply - if I do not know the host, how do I kick off ssh to that host?
Mel Burslan
Honored Contributor

Re: any way to display source computer from cert

If you are looking into the authorized_keys file and see a lot of different keys, they do not enable or entitle you to ssh into those servers. Public keys are used only for authentication of incoming ssh sessions. If you want to know who is connecting to your server utilizing these keys, you will need to run sshd in debug mode and look at the conversation as the ssh request comes in. Somewhere in that debug output, it will tell which particular key (more than likely in the form of a line number in the authorized_keys file) is being utilized.

Starting sshd in debug mode is something I have no experience with, but I am sure it can be done somehow. I only know how to do this for a single incoming ssh connection. You can stop the sshd by

/sbin/init.d/secsh stop

then start ssh in debug mode for a single connection instance by

/usr/sbin/sshd -ddd

This will dump debug data on your screen. So it is better to start your terminal capture mode prior to running this command, otherwise the data could be overwhelming to follow on-screen. Once it is running, you can see the first incoming ssh attempt and correlate the key used to the incoming connection's IP address. If you do this a sufficient number of times, especially if you can with the help of the people on the other end of the communication, you can figure out all your public keys' owners in time.

Hope this helps.
________________________________
UNIX because I majored in cryptology...
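
An added example, not part of any post in this thread: a small script that lists each key in an authorized_keys file by line number, key type and trailing comment, so a line number seen in sshd debug output can be matched to an entry and keys with no "user@host" comment stand out. The function names `list_keys` and `sample_authorized_keys` are hypothetical and the sample keys are constructed placeholders; the comment column is the same untrusted, information-only field described above.

```shell
#!/bin/sh
# Added example, not from the thread. list_keys and sample_authorized_keys are
# hypothetical names; the keys in the sample are constructed placeholders.

# Print "line<TAB>key type<TAB>comment" for every key in an authorized_keys file.
# The comment is whatever text follows the key blob: informational only.
list_keys() {
    awk '
    # Drop a leading options field; blanks inside double quotes do not end it.
    function skip_options(s,    i, c, inq) {
        inq = 0
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c == "\"" && substr(s, i - 1, 1) != "\\") inq = !inq
            else if (!inq && (c == " " || c == "\t")) return substr(s, i + 1)
        }
        return ""
    }
    BEGIN { kt = "^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))[ \t]" }
    /^[ \t]*#/ { next }     # comment line
    /^[ \t]*$/ { next }     # blank line
    {
        rest = $0
        sub(/^[ \t]+/, "", rest)
        if (rest !~ kt) rest = skip_options(rest)   # line starts with options
        sub(/^[ \t]+/, "", rest)
        if (rest !~ kt) { printf "%d\tunparsed\t-\n", NR; next }
        split(rest, f, /[ \t]+/)
        comment = rest
        sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]*/, "", comment)  # strip type and blob
        if (comment == "") comment = "(no comment)"
        printf "%d\t%s\t%s\n", NR, f[1], comment
    }' "$1"
}

# Constructed sample input: a labelled key, an unlabelled key, a key with options.
sample_authorized_keys() {
    cat <<'EOF'
# constructed sample, key blobs are placeholders
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABexample1 mmurphy@buildhost
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABexample2
command="echo restricted key",no-pty ssh-dss AAAAB3NzaC1kc3MAAAexample3 backup job key
EOF
}

if [ "$#" -gt 0 ]; then list_keys "$1"; fi
```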