Invalidating unused ssh keys

ssh authentication

Solution 1:

Everything is documented in sshd(8), under "AUTHORIZED_KEYS FILE FORMAT" section.

In .ssh/authorized_keys2 add something like environment="SSHKEY=1" at beginning of each line, so it should looks like:

environment="SSHKEY=1" ssh-dss AAAAB3N ...
environment="SSHKEY=2" ssh-rsa AAAAB3N ...

Enable PermitUserEnvironment option in /etc/ssh/sshd_config and restart sshd. Now you can add something like echo $SSHKEY >>.sshlog to ~/.bashrc for logging used ssh keys.

But I think much ease way is backup authorized_keys2 file, remove all keys from it, and just wait until people call/email/im you asking why svn doesn't work. Then you can either restore their key or ask them to resend their keys to you if you unsure which key belong to who. As side effect you'll know who is really working. :)

Related

I want my logs sent to my mail with logrotate
Building a Data Warehouse
IIS 7.5 Custom HTTP Response Headers Not Working
Incorrect gzipping of http requests, can't find who's doing it
Make Dell's OpenManage 6.2 information available through SNMP
windows 2003 DNS server and DNS SEC
Shorcut to list pending updates in Microsoft Windows
Antivirus Configuration for dedicated SQL and dedicated IIS Servers
Upgrading from small business Wi-Fi network access points with individual SSIDs
Moving to an outside Exchange provider - How to create new Outlook profile on multiple PCs?
Apache - Include conf Files Relative to ServerConfigFile (-f arg)
Running .NET app from network share in Win 7?