Tuesday, July 21, 2015

SSH - identify which users still log in using passwords




I have an Ubuntu Linux server allowing password authentication for SSH, and I want to switch it to SSH keys only and disable password login.



Before I disable password login, how can I find out which users are still using passwords, and which have switched to key authentication?


Answer



You can't do that 100% reliably, but there are two strong indications:




  • First, the presence of a .ssh/authorized_keys file is a hint the user is at least prepared to use key-based login.

  • Second, in the authentication log file (/var/log/secure on CentOS, /var/log/auth.log on Debian/Ubuntu), the auth method will be logged:




    Sep 28 13:44:28 hostname sshd[12084]: Accepted publickey for sven


    vs



    Sep 28 13:47:36 hostname sshd[12698]: Accepted password for sven


    Scan the log for entries that mention password to learn who is still using passwords. Of course, this will not work for users who seldom log in, unless you have very long log retention.
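
The log scan described in the answer, as an added example that is not part of the original answer: it counts accepted logins per user and method. The function names and sample lines are constructed, and it assumes the `sshd[pid]:` syslog tag shown above and that `keyboard-interactive` logins are typed passwords.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are illustrative.

# Constructed sample lines (documentation IPs, made-up users and PIDs).
sample_log() {
cat <<'EOF'
Sep 28 13:44:28 hostname sshd[12084]: Accepted publickey for sven from 192.0.2.10 port 51234 ssh2
Sep 28 13:47:36 hostname sshd[12698]: Accepted password for sven from 192.0.2.10 port 51301 ssh2
Sep 28 14:02:11 hostname sshd[12811]: Accepted password for alice from 192.0.2.22 port 40022 ssh2
Sep 28 14:05:40 hostname sshd[12850]: Failed password for invalid user admin from 198.51.100.7 port 33812 ssh2
Sep 28 14:09:03 hostname sshd[12901]: Accepted publickey for bob from 192.0.2.31 port 50110 ssh2
Sep 28 14:12:47 hostname sshd[12950]: Accepted keyboard-interactive/pam for carol from 192.0.2.40 port 50555 ssh2
Sep 28 14:15:00 hostname sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
EOF
}

# stdin: auth log lines. stdout: "user password=N publickey=N other=N", sorted.
ssh_auth_summary() {
    awk '
    {
        # Only trust "Accepted" when it directly follows the sshd[pid]: tag,
        # so text elsewhere in a message cannot be mistaken for a login.
        for (i = 2; i + 3 <= NF; i++) {
            if ($(i-1) ~ /^sshd\[[0-9]+\]:$/ && $i == "Accepted" && $(i+2) == "for") {
                m = $(i+1); u = $(i+3)
                # Assumption: keyboard-interactive (PAM) is a typed password.
                if (m == "password" || m ~ /^keyboard-interactive/) k = "password"
                else if (m == "publickey") k = "publickey"
                else k = "other"
                n[u, k]++; seen[u] = 1
                break
            }
        }
    }
    END {
        for (u in seen)
            printf "%s password=%d publickey=%d other=%d\n",
                u, n[u, "password"], n[u, "publickey"], n[u, "other"]
    }' | sort
}

# Users with at least one password-style login: the ones to contact first.
ssh_password_users() {
    ssh_auth_summary | awk '$2 != "password=0" { print $1 }'
}

# Demo on the sample; for real data: ssh_password_users < /var/log/auth.log
sample_log | ssh_password_users
```

A user who appears in neither column did not log in within the retained logs, which is the limitation the answer points out.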



