Timestamp:
Jun 18, 2008, 6:42:57 PM (16 years ago)
Author:
quentin
Message:
Stop more spew; parse ssh keys and identify the used key when publickey auth happens
File:
1 edited

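--- a/server/fedora/config/etc/syslog-ng/d_zroot.pl
+++ b/server/fedora/config/etc/syslog-ng/d_zroot.pl
@@ -5,4 +5,5 @@
 use Sys::Hostname;
 use Time::HiRes qw(ualarm);
+use File::Temp;
 
 our $ZCLASS = "scripts-auto";
@@ -22,4 +23,33 @@
 
 my %toclass;
+
+my %sshkeys;
+
+sub buildKeyMap($) {
+    my ($file) = @_;
+    open (KEYS, $file) or warn "Couldn't open $file: $!";
+    while (<KEYS>) {
+        chomp;
+        my ($fingerprint, $comment) = parseKey($_);
+        $sshkeys{$fingerprint} = $comment;
+    }
+    close(KEYS);
+}
+
+sub parseKey($) {
+    my ($key) = @_;
+    my $tmp = new File::Temp;
+    print $tmp $key;
+    close $tmp;
+    open (KEYGEN, "-|", qw(/usr/bin/ssh-keygen -l -f), $tmp) or die "Couldn't call ssh-keygen: $!";
+    my ($line) = <KEYGEN>;
+    close(KEYGEN);
+    my (undef, $fingerprint, undef) = split(' ', $line, 3);
+    my (undef, undef, $comment) = split(' ', $key, 3);
+    print "$fingerprint $comment";
+    return ($fingerprint, $comment);
+}
+
+buildKeyMap("/root/.ssh/authorized_keys2");
 
 while (1) {
@@ -47,6 +77,14 @@
         } elsif ($message =~ m|session \S+ for user (\S+)|) {
             sendmsg($message) if exists $USERS{$1};
+        } elsif ($message =~ m|^Found matching (\w+) key: (\S+)|) {
+            if ($sshkeys{$2}) {
+                sendmsg($message." (".$sshkeys{$2}.")");
+            } else {
+                sendmsg($message." (UNKNOWN KEY)");
+            }
         } elsif ($message =~ m|^Connection closed|) {
             # Do nothing
+        } elsif ($message =~ m|^Closing connection to |) {
+        } elsif ($message =~ m|^Connection from (\S+) port (\S+)|) {
         } elsif ($message =~ m|^Invalid user|) {
         } elsif ($message =~ m|^input_userauth_request: invalid user|) {
@@ -59,7 +97,8 @@
         } elsif ($message =~ m|^Postponed keyboard-interactive for invalid user |) {
         } elsif ($message =~ m|^Failed keyboard-interactive/pam for invalid user |) {
+        } elsif ($message =~ m|^Postponed gssapi-with-mic for |) {
         } elsif ($message =~ m|^Address \S+ maps to \S+, but this does not map back to the address|) {
         } else {
-#           sendmsg($message, "scripts-spew");
+            sendmsg($message, "scripts-spew");
         }
     }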
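Review bot: parseKey takes the label from the third whitespace-separated field of the raw authorized_keys line, so an entry that begins with an options field containing spaces (for example `command="..."`) is labelled with part of the option and key text, and a blank or `#` line is passed to ssh-keygen and can come back with no fingerprint, which is then stored under an undefined hash key. In buildKeyMap I would skip such lines with `next if /^\s*(#|$)/;` and add `next unless defined $fingerprint;` before the assignment; the `open ... or warn` there should also `return` rather than go on to read from an unopened handle. In the new `Found matching` branch, `if ($sshkeys{$2})` tests the comment's truth value, so a key that is listed without a comment is reported as UNKNOWN KEY; `if (exists $sshkeys{$2})` keeps that label for keys that are really absent from the file. The `print "$fingerprint $comment";` in parseKey looks like leftover debugging and writes key labels to STDOUT at startup. The map is built once before the `while (1)` loop, so keys added later will presumably show as unknown until the script restarts, which deserves a comment next to the buildKeyMap call.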