SSH Certificates and user principal logging/auditing?
Hi all,
I've been looking at SSH Certs for authentication. One of the things I'm having trouble wrapping my mind around is this idea of user to principal mapping. From my perspective it just makes auditing/logging more difficult to track.
For example:
Let's just say I have users\[1-5\] all issued SSH certificates with principal 'www' for all prod servers (or some other generic user).
If everyone logs in to the system with their 'www' principal (ssh -i \~/.ssh/my\_signed\_cert.pub www@server), there's no way to distinguish who did what on the local system. I get that there are paid and open source agent solutions that do per session auditing and tracking, but why complicate it with an extra layer?
I'd rather have a system log show up like this
* 'user x made xyz change'
* 'user y made abc change'
Rather than
* 'www made xyz change'
* 'www made abc change'
In the system log there's only a record of authentication with the serial number, so you know who logged into the system as 'www' at what time, but after that it's all a blur.
The way I see it, it's better to have a 1:1 user to principal mapping. I guess I understand that some systems only have generic user names like 'postgresql
ClubHub
Eeli Wiitala
@orangecat219799
Only @orangecat219799 can see everyone listening in. Visitors see a rotating sample.
Jackson Anderson
Listening
Yael Van Roessel
@orangepanda664582
Michele Lefebvre
@tinyladybug389867
Ian Moreno
@angrywolf711703
Martin Kerscher
@whiteleopard356910
Charlotte Claire
@angrydog954665
Willard Russell
@blackmeercat220250
Aayushi Shroff
@smallgorilla514203
Allan Owens
@bigdog811182
Yvonne Faure
@greenswan808806
Magdalena Paredes
@smalllion534955
Paige Ryan
@tinypanda333398
Kayla Fisher
@lazygorilla233174
Riley Clarke
@bigrabbit252948
David Harris
@tinygoose622646
Silvijn Kloosterhuis
@blackwolf991815
Noelia Herrera
@orangeduck139317
Feija Gijsbertsen
@purplerabbit511669
Zora Ivanović
@goldenswan878714
Luis Diaz
@sadbear308513
Raquel Núñez
@angrycat780421
آیناز گلشن
@crazymouse329770
Vlast Zubrickiy
@beautifulswan699985
Momir Vrhovac
@lazyzebra738348
Francisco Scheid
@saddog691384
Andrzej Türk
@bigbutterfly317449
Stefan Cornelius
@sadleopard838883
Orimira Andrusenko
@organicfish580670
Jannis Rolle
@sadpanda150980
Mélody Pierre
@happyleopard228340
Brandon Hopkins
@organicleopard250505
Gordyata Dupliy
@crazypeacock715496
Natalija Wachsmuth
@organickoala298750
Katie Lee
@purplesnake829526
Osmar da Rocha
@goldenrabbit997350
Sofija Perić
@whitekoala353705
Milton Crawford
@beautifulbear603503
Olívia Gomes
@sadladybug371673
Idhant Rajesh
@smalllion958632
Karolin Mittelstädt
@smallpeacock429579
Clara Bélanger
@orangepeacock694747
Mario Rodríquez
@bigrabbit694186
Paraskeva Kuharska
@crazyostrich401716
Josefine Poulsen
@brownsnake955920
Óscar Camacho
@goldenpanda153207
Zoe Bailey
@tinygoose784512
Daniel Tafoya
@blackmouse644445
Annina Blanc
@ticklishzebra979137
Tomas Romero
@smallfrog480182
Bastien Michel
@crazysnake573688
Tristan Lam
@orangeswan292917
Following
Maximino Ribeiro
@whitetiger763773
Saranya Anand
@greenostrich864703
Harper Lavoie
@beautifulpanda350580
Käthe Maucher
@blueelephant281663
Emilie Jensen
@brownbear864764
سوگند مرادی
@bigmeercat232955
Heimo Göller
@bluecat397191
کیانا احمدی
@smalltiger503267
Volkan Koç
@sadleopard992489
Shira Klijsen
@lazywolf797314
Malou Johansen
@crazybear494948
Marilou Bouchard
@bigrabbit243860
Logan Jean
@greenrabbit199680
Allen Anderson
@bluebutterfly713608
Marc Perry
@greenleopard659637
Erin Mccoy
@redostrich704649
Buse Çetiner
@happygoose913146
Radmila Grujić
@tinybutterfly624265
Oğuzhan Sarıoğlu
@bluebutterfly440144
Sandra Day
@bluekoala417779
Nico Kriegel
@heavysnake529645
Nurdan Durmaz
@ticklishlion781102
Benjamin Leroy
@ticklishgoose377492
احسان زارعی
@lazysnake988417
Maja Kristensen
@bigbear806120
Mestan Dağlaroğlu
@happyrabbit608864
Mónica Pascual
@orangegoose626357
Jade Tremblay
@purpledog447762
Benedikt Carpentier
@greenrabbit422151
Beau Johnson
@heavypanda736915
Pinja Jarvinen
@ticklishwolf334702
Harvey Owens
@lazymouse255548
Vilma Jokinen
@sadladybug895855
Prebislav Haritonenko
@lazybird560843
Viljami Tuomala
@tinywolf139300
Mstislav Vizerski
@ticklishbear366199
Enola Martinez
@redelephant976270
Imogen Jackson
@bigbutterfly294819
Billy Cruz
@smallsnake902191
Arijus Lekven
@whitepanda316203
Ida Christensen
@whitebird748710
Nina Van Baalen
@bigfish983328
Finn King
@blackswan932529
Olena Yarich
@orangegoose453786
Noemí Lugo
@whitetiger251341
Mathis Menard
@greenladybug839886
Eemil Kokko
@orangetiger399300
Gerfried Rapp
@greenbird462883
Aiden Bélanger
@happybird985579
Merian Arnoldus
@greenostrich667504
Dwight Byrd
@greenswan533278
Mateja Bajević
@greenleopard221135
Milla Kuusisto
@tinytiger619788
Jan Fanebust
@heavydog430487
Lada Subašić
@heavytiger719502
Nihal Aclan
@angrygoose300860
Florence Evans
@whiteleopard693287
Cléo Charles
@organicfrog306326
James Johnson
@tinyfrog573991
Scott Rekdal
@angryswan635987
Tristan Lam
@orangeswan292917
Line Gulli
@smallmouse467954
Elisete Moraes
@silverfrog657985
عرشيا جعفری
@lazybear169970
Clóvis Farias
@blueduck664816
Diego Carpentier
@ticklishsnake273824
Asta Jørgensen
@happyfrog379198
Maddison Berry
@goldengoose801407
Jackson Anderson
@ticklishwolf217949
فاطمه کامروا
@organicsnake471607
Paige Ryan
@tinypanda333398
Kassem Farhat
@kassem
Global Virtual Trust
@gvt
ClubHub Team
@ClubHub