How to find out which key was used to log in for an SSH session

You will need to turn up logging.

On the client side, "ssh -v" will show which private key was used.

On the server side, default log levels will only show that a public key was used (as opposed to password auth). You will need to set the logging level in sshd_config to at least VERBOSE.


To do this you will have to raise the LogLevel of your sshd to VERBOSE.

LogLevel VERBOSE

in /etc/ssh/sshd_config and restart sshd. sshd will then log, to the configured log file (/var/log/secure, /var/log/auth, etc.), the fingerprint of the key used to log in. You will get a message similar to this:

Dec  9 11:47:15 host sshd[32282]: Found matching RSA key: 54:d2:06:cf:85:ec:89:96:3c:a8:73:c7:a1:30:c2:8b

The 54:d2:06:cf:85:ec:89:96:3c:a8:73:c7:a1:30:c2:8b is the fingerprint of the key used to log in.

You can obtain the fingerprint of a particular key by using the command:

ssh-keygen -lf <keyfile> 

where <keyfile> is the public key file, for example:

ssh-keygen -lf /tmp/test.key
2048 21:02:4b:82:83:62:49:d7:5f:e0:8f:cf:ec:a3:5f:38 /tmp/test.key (RSA)
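
To avoid comparing fingerprints by hand, the added example below (not part of the original page) indexes every key in an authorized_keys file by fingerprint and looks up the fingerprints found in sshd log lines. It goes beyond the colon-separated MD5 form shown above by also matching the SHA256 form that newer OpenSSH releases use. The function names, the sample key blob and the sample log line are constructed for illustration.

```python
import base64
import hashlib
import re
import struct

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
# A fingerprint token: legacy MD5 colon-hex (as in the log line above) or SHA256.
FP_RE = re.compile(r"\b(?:[0-9a-f]{2}:){15}[0-9a-f]{2}\b|SHA256:[A-Za-z0-9+/]{43}")

def fingerprints(blob):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a raw key blob."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def index_authorized_keys(text):
    """Map each fingerprint to 'line N: comment' for every key in the file."""
    index = {}
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type; the base64 blob follows the type.
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPES):
                try:
                    blob = base64.b64decode(fields[i + 1], validate=True)
                except ValueError:
                    break  # malformed entry, skip the line
                label = "line %d: %s" % (n, " ".join(fields[i + 2:]) or "(no comment)")
                index.update((fp, label) for fp in fingerprints(blob))
                break
    return index

def keys_used(log_lines, index):
    """Return (fingerprint, key label) for every fingerprint seen in the log."""
    return [(fp, index.get(fp, "unknown key"))
            for line in log_lines for fp in FP_RE.findall(line)]

# Constructed sample data: an RSA-shaped blob with dummy bytes, not a real key.
def _s(b):
    return struct.pack(">I", len(b)) + b
SAMPLE_BLOB = _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\x00" + b"\xc3" * 256)
SAMPLE_KEYS = "# constructed\nssh-rsa %s alice@laptop\n" % base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_LOG = ["Dec  9 11:47:15 host sshd[32282]: Found matching RSA key: "
              + fingerprints(SAMPLE_BLOB)[0]]

if __name__ == "__main__":
    for fp, label in keys_used(SAMPLE_LOG, index_authorized_keys(SAMPLE_KEYS)):
        print(fp, "->", label)
```

Pass it the contents of the target user's authorized_keys file and the relevant lines from the sshd log; fingerprints that match no entry are reported as "unknown key".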