Mdthbs

In the twin paradox does the returning twin also come back permanently length contracted flatter than the twin on earth?

How can I communicate feelings to players without impacting their agency?

Where does the upgrade to macOS Catalina move root "/" directory files?

Advisor asked for my entire slide presentation so she could give the presentation at an international conference

Why is technology bad for children?

How can I check the implementation of a builtin function?

Moonlight bright enough to see by

What's that funny "illo" I keep hearing in Southern Spain?

Christmas party at employers home

Which CentOS 7 package provides the "boot" manpage?

Symbolise polygon outline where it doesn't coincide with other feature using geometry generator in QGIS?

Demod as a neologism

Why are second inversion triads considered less consonant than first inversion triads?

How should I understand FPGA architecture?

Why is Trump releasing or not of his taxes such a big deal?

Limiting sensor input voltage without biasing measurement

Word for 'most late'

Does a restocking fee still qualify as a business expense?

How do I get my boyfriend to remove pictures of his ex girlfriend hanging in his apartment?

How to extract *.tgz.part-*?

Milk instead of water in bread

Why do these two ways of understanding constant acceleration give different results?

I am often given, occasionally stolen, rarely sold, and never borrowed

What is the gold linker?

Update Linux secure log to show escalation to root not as the user but as its RSA Cert ID

denyhosts is blocking existing users from logging in from unknown (new) IP addressesSSH via cert-authoritycan't login in new user via ssh 'server refused our key'log or restrict the source user of ssh loginSSH Configuration Help / Can't tunnel

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{
margin-bottom:0;
}

0

I looked all over Google.com but I couldn't find any answers. I am hoping someone could help me here.

Background Info:
We use a Certificate Authority Server that signs our engineers Public/Private key and issues them a certificate. Our engineers will then use that certificate to SSH into the instances. The Certificate Authority server's public key is distrubuted on all our EC2 instances and SSHD conf is updated to trust a CA and its public key.

All our engineers' SSH as ec2-user and Linux secure logs record the following entry when an engineer SSHs into an instance

Oct  9 20:30:24 awesomelinuxserver sshd[5079]: Accepted publickey for ec2-user from 192.168.7.99 port 12118 ssh2: RSA-CERT ID john.doe (serial 6666669999985847) CA RSA SHA256:uef8+ggsgkJ6kC2Yfadfa+TbZadf28AFY

Problem:
When an engineer su to root the following log is recorded in the secure log:

Oct  9 22:28:35 awesomelinuxserver su: pam_unix(su:session): session opened for user root by ec2-user(uid=0)

Question:
How do I tailor the secure log to record the su escalation as the user's RSA-CERT ID rather than the user? So instead of saying su session opened to root by ec2-user, it should say su session opened to root by john.doe. Has anyone done this before?

ssh rhel sshd certificates

share|improve this question

asked 1 hour ago

DougDoug

111 bronze badge

New contributor

Doug is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment
 | 

0

I looked all over Google.com but I couldn't find any answers. I am hoping someone could help me here.

Background Info:
We use a Certificate Authority Server that signs our engineers Public/Private key and issues them a certificate. Our engineers will then use that certificate to SSH into the instances. The Certificate Authority server's public key is distrubuted on all our EC2 instances and SSHD conf is updated to trust a CA and its public key.

All our engineers' SSH as ec2-user and Linux secure logs record the following entry when an engineer SSHs into an instance

Oct  9 20:30:24 awesomelinuxserver sshd[5079]: Accepted publickey for ec2-user from 192.168.7.99 port 12118 ssh2: RSA-CERT ID john.doe (serial 6666669999985847) CA RSA SHA256:uef8+ggsgkJ6kC2Yfadfa+TbZadf28AFY

Problem:
When an engineer su to root the following log is recorded in the secure log:

Oct  9 22:28:35 awesomelinuxserver su: pam_unix(su:session): session opened for user root by ec2-user(uid=0)

Question:
How do I tailor the secure log to record the su escalation as the user's RSA-CERT ID rather than the user? So instead of saying su session opened to root by ec2-user, it should say su session opened to root by john.doe. Has anyone done this before?

ssh rhel sshd certificates

share|improve this question

asked 1 hour ago

DougDoug

111 bronze badge

New contributor

Doug is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment
 | 

I looked all over Google.com but I couldn't find any answers. I am hoping someone could help me here.

Background Info:
We use a Certificate Authority Server that signs our engineers Public/Private key and issues them a certificate. Our engineers will then use that certificate to SSH into the instances. The Certificate Authority server's public key is distrubuted on all our EC2 instances and SSHD conf is updated to trust a CA and its public key.

All our engineers' SSH as ec2-user and Linux secure logs record the following entry when an engineer SSHs into an instance

Oct  9 20:30:24 awesomelinuxserver sshd[5079]: Accepted publickey for ec2-user from 192.168.7.99 port 12118 ssh2: RSA-CERT ID john.doe (serial 6666669999985847) CA RSA SHA256:uef8+ggsgkJ6kC2Yfadfa+TbZadf28AFY

Problem:
When an engineer su to root the following log is recorded in the secure log:

Oct  9 22:28:35 awesomelinuxserver su: pam_unix(su:session): session opened for user root by ec2-user(uid=0)

Question:
How do I tailor the secure log to record the su escalation as the user's RSA-CERT ID rather than the user? So instead of saying su session opened to root by ec2-user, it should say su session opened to root by john.doe. Has anyone done this before?

ssh rhel sshd certificates

share|improve this question

asked 1 hour ago

DougDoug

111 bronze badge

New contributor

Doug is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

Oct  9 20:30:24 awesomelinuxserver sshd[5079]: Accepted publickey for ec2-user from 192.168.7.99 port 12118 ssh2: RSA-CERT ID john.doe (serial 6666669999985847) CA RSA SHA256:uef8+ggsgkJ6kC2Yfadfa+TbZadf28AFY

Oct  9 22:28:35 awesomelinuxserver su: pam_unix(su:session): session opened for user root by ec2-user(uid=0)

share|improve this question

asked 1 hour ago

DougDoug

111 bronze badge

New contributor

Doug is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 1 hour ago

DougDoug

111 bronze badge

New contributor

Doug is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 1 hour ago

DougDoug

111 bronze badge

New contributor

Doug is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 1 hour ago

DougDoug

111 bronze badge