Subject: Re: PermitRootLogin in SSHd (WAS: Re: Telnet logins)
To: Andrew Brown <atatat@atatdot.net>
From: Todd Vierling <tv@wasabisystems.com>
List: port-i386
Date: 08/23/2001 10:18:26

On Thu, 23 Aug 2001, Andrew Brown wrote:

: >Personally, I prefer ssh crypto keys for root access.  My machines don't
: >even have valid passwords for root anymore; a ssh has to be used, even from
: >localhost.  Logging the keys used for becoming root would probably be a
: >trivial thing to implement.
:
: ssh logging the keys that were used *in general* would also be a good
: thing.  which looks nicer?
:
: 	Aug 23 01:58:45 dukey sshd[10009]: log: RSA authentication for \
: 	andrew accepted.
:
: 	Aug 23 01:58:45 dukey sshd[10009]: log: RSA authentication for \
: 	andrew accepted with key andrew@something.

Actually, a log entry with the key fingerprint (even though it's long and
ugly) would be the best usage.  The alias of the key can be changed by
simple text editing of the authorized_keys file.

-- 
-- Todd Vierling <tv@wasabisystems.com>  *  Wasabi NetBSD:  Run with it.
-- NetBSD 1.5.2 available on CD-ROM soon!  --  http://www.wasabisystems.com/
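
Added example, not part of the original message or of any sshd source: a Python sketch of the point above, showing that a fingerprint computed over the key blob in authorized_keys stays the same when the trailing alias is edited. The key is constructed filler bytes, the function names and sample lines are assumptions, and the fingerprint is the SHA256 form that ssh-keygen -l prints.

```python
import base64, hashlib, struct

def split_fields(line):
    """Split on whitespace, keeping double-quoted option values intact."""
    fields, cur, quoted = [], "", False
    for ch in line.strip():
        if ch == '"':
            quoted = not quoted
        if ch in " \t" and not quoted:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
    return fields + [cur] if cur else fields

def parse_entry(line):
    """Return (fingerprint, alias) for one authorized_keys line, else None."""
    fields = split_fields(line)
    if not fields or fields[0].startswith("#"):
        return None
    for i in (0, 1):  # key type comes first, or second when options precede it
        if len(fields) > i + 1 and fields[i].startswith(("ssh-", "ecdsa-")):
            blob = base64.b64decode(fields[i + 1])
            (n,) = struct.unpack(">I", blob[:4])
            # The blob carries its own type string; it must match the text field.
            if blob[4:4 + n].decode() != fields[i]:
                raise ValueError("key type field does not match key blob")
            digest = hashlib.sha256(blob).digest()
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            return fp, " ".join(fields[i + 2:])
    return None

def constructed_blob():
    """Constructed sample: ed25519 wire layout with filler bytes, not a real key."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    return pack(b"ssh-ed25519") + pack(bytes(range(32)))

BLOB = base64.b64encode(constructed_blob()).decode()
# Constructed authorized_keys lines: same key, alias edited, options added.
SAMPLE = [
    f"ssh-ed25519 {BLOB} andrew@something",
    f'from="192.0.2.0/24",command="/bin/true arg" ssh-ed25519 {BLOB} renamed@elsewhere',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_entry(entry))
```

Both sample lines report the same fingerprint with different aliases, so only the fingerprint identifies which key was used.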