How to find out which key was used for public key authentication?

Are you wanting to find this out after something that has already happened (forensics) or are you wanting to make it so that you can log who does what?

For forensics: On my Fedora system, /var/log/secure contains records of each public key authentication and username, but doesn't say which key was used. You're probably out of luck here.

For future auditability: You can use the authorized_keys file to set the commands each login is restricted to, and then run a program that logs the authentication (and possibly subsequent commands, using something like sudoscript):

If the options phrase at the beginning of a line contains the keyword command="string", then any ssh connection that authenticates using that particular key will only run the command specified, even if the command line it was given specified another command.

It must be said though, it probably makes more sense to set up multiple accounts, and then set up a shared access area...
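A forced-command wrapper of the kind the answer above describes, as an added example that is not part of the original thread. The script path /usr/local/bin/keylog.sh, the log file ~/.ssh/keylog and the per-key labels are assumptions; SSH_CONNECTION and SSH_ORIGINAL_COMMAND are the variables sshd sets for a forced command.

```shell
#!/bin/sh
# keylog.sh (hypothetical path /usr/local/bin/keylog.sh): forced command that records
# which authorized_keys entry authenticated, then runs what the client asked for.
# authorized_keys line (one label per key, label chosen by the admin):
#   command="/usr/local/bin/keylog.sh alice-laptop",no-port-forwarding ssh-ed25519 AAAA... alice@laptop
LOGFILE="${KEYLOG_FILE:-$HOME/.ssh/keylog}"

# Build the audit fields for one login.
#   $1 = key label from authorized_keys
#   $2 = SSH_CONNECTION ("client_ip client_port server_ip server_port"), set by sshd
#   $3 = SSH_ORIGINAL_COMMAND (empty for an interactive shell), set by sshd
keylog_record() {
    label=$1
    client=${2%% *}                       # first field of SSH_CONNECTION is the client address
    [ -n "$client" ] || client=unknown
    # SSH_ORIGINAL_COMMAND is client-controlled: replace non-printable bytes (newlines included)
    # so a request cannot forge extra log lines.
    cmd=$(printf '%s' "${3:-interactive-shell}" | tr -c '[:print:]' '?')
    printf 'key=%s from=%s cmd=%s\n' "$label" "$client" "$cmd"
}

# Only act as the forced command when sshd invoked us with a label.
if [ "$#" -eq 1 ] && [ -n "${SSH_CONNECTION:-}" ]; then
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$(keylog_record "$1" "$SSH_CONNECTION" "${SSH_ORIGINAL_COMMAND:-}")" >> "$LOGFILE"
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"   # run the requested command
    else
        exec "${SHELL:-/bin/sh}" -l                           # interactive login shell
    fi
fi
```

Each key in the shared account gets its own label, so the log shows which key logged in, from where, and what it asked to run, without relying on the client-side key comment.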


...using a shared account...

Thanks for giving us a perfect example to point to when explaining why this is a bad idea. ;-)

Seriously though, what you want cannot be done afaik. And if by "keys comment" you mean the comment that is in the id_rsa file after the key, that's a no-go too. It is a comment, it is not sent to the server on the other side.

Really. Set up multiple accounts.


If you set sshd to log at a verbose enough level, the fingerprint of the key used to login is printed. Fills your logs awfully fast, though.


For auditability and if your people are using ssh-agent, you could put this in your .bashrc:

# Log the comments of the keys loaded in the (forwarded) ssh-agent; "no agent" if none is reachable.
SSH_KEY_NAME=$(ssh-add -L 2>/dev/null | cut -d' ' -f3 | paste -sd, -)
if [[ -z "$SSH_KEY_NAME" ]]; then SSH_KEY_NAME="no agent"; fi
echo "$(/bin/date) $SSH_KEY_NAME" >> ~/.login.log