Bug 2934

Summary: Getting Pubkey Fingerprint Used to Authenticate Current Session
Product: Portable OpenSSH
Reporter: support
Component: Miscellaneous
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED DUPLICATE
Severity: enhancement
CC: djm
Priority: P5
Version: 7.9p1
Hardware: All
OS: All

Description support 2018-11-24 06:38:26 AEDT
It would be nice to have an authoritative way to get the pubkey fingerprint used to authenticate the current session.  It could be a new utility, an option to an existing utility, or maybe just an environment variable.

This has already been partially addressed in 2082, but as a log entry--which is fine for purely informational purposes.  Yet, if anyone wants to branch out and build functionality with that information, the log is a very brittle way to do it.  What if the format changes?  What if my distro's maintainers move it?  What if I don't have access to it?  etc, etc.

There is already a stackexchange post on the topic--which illustrates the levels of sed wrangling and distro compensation that arise from depending solely upon the log:

https://unix.stackexchange.com/questions/15575/can-i-find-out-which-ssh-key-was-used-to-access-an-account

One usage example would be having a git repo under a single machine account with multiple users under `authorized_keys` for shared development.

Another would be logging into my own account from different machines (with different keys), and wanting to script different behavior depending on which key was used.

I know most of this could be faked with command= and environment=, but those solutions seem excessively manual.
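
The `environment=` workaround mentioned in the report, automated as an added example (not part of the original bug report and not OpenSSH code): it prefixes each `authorized_keys` entry with an `environment=` option carrying that key's SHA256 fingerprint. The variable name `SSH_KEY_FP`, the helper names and the sample keys are constructed for illustration; sshd applies `environment=` only when `PermitUserEnvironment` allows it.

```python
import base64
import hashlib
import struct

def fingerprint(blob_b64):
    """SHA256 fingerprint as sshd logs it: unpadded base64 of the digest of the key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def split_options(line):
    """Split 'options keytype blob comment' into (options, rest), honouring quoted values."""
    if line.startswith(("ssh-", "ecdsa-sha2-", "sk-")):  # line begins with a key type
        return "", line
    in_quotes, i = False, 0
    while i < len(line):
        if line[i] == "\\" and in_quotes:
            i += 1                      # skip the escaped character
        elif line[i] == '"':
            in_quotes = not in_quotes
        elif line[i] in " \t" and not in_quotes:
            break                       # first unquoted whitespace ends the options field
        i += 1
    return line[:i], line[i:].lstrip()

def tag_line(line, var="SSH_KEY_FP"):
    """Prefix one authorized_keys line with environment="<var>=<fingerprint>"."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return line
    options, rest = split_options(stripped)
    fields = rest.split()
    if len(fields) < 2 or (var + "=") in options:
        return line                     # not a key line, or already tagged
    tag = 'environment="%s=%s"' % (var, fingerprint(fields[1]))
    return (options + "," if options else "") + tag + " " + rest

def sample_blob(fill):
    """Constructed ssh-ed25519 wire blob (not a real key): type string + 32 key bytes."""
    raw = struct.pack(">I11sI", 11, b"ssh-ed25519", 32) + bytes([fill]) * 32
    return base64.b64encode(raw).decode()

SAMPLE = [  # constructed authorized_keys content
    "# shared repo account",
    "ssh-ed25519 %s alice@laptop" % sample_blob(1),
    'command="/usr/local/bin/repo shell",no-pty ssh-ed25519 %s bob@desk' % sample_blob(2),
]

if __name__ == "__main__":
    print("\n".join(tag_line(entry) for entry in SAMPLE))
```

A session script can then branch on `$SSH_KEY_FP`; the value is only as trustworthy as the write permissions on `authorized_keys`, since anyone who can edit that file can set it.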

Comment 1 Damien Miller 2018-11-26 12:32:14 AEDT
*** This bug has been marked as a duplicate of bug 2408 ***

Comment 2 Damien Miller 2021-04-23 15:00:58 AEST
closing resolved bugs as of 8.6p1 release