Skip to main content

Obtaining Key-Activity Data

This section describes a routine that can be used for testing key-activity scans.

note

If you are using OpenSSH 6.2 or earlier version, to enable Key Manager to detect key activity on an OpenSSH host, the OpenSSH server must have its LogLevel set to VERBOSE. For instructions about setting the LogLevel via Key Manager see Managing SSH Configurations.

For more Information about the prerequisites to key activity scanning, see Enabling Key-Activity Monitoring.

  1. Perform some SSH logins using public-key authentication. In this example, we use the SSH authorization set up earlier (as described in Adding Authorizations Between Accounts). From one of the previously-defined source accounts, use SSH to log into one of the destination accounts.

    Since authorizations are already in place, you should be able to log in without providing account passwords.

    Remember the time when you performed the login(s). You will need to verify these in the key-activity logs later.

  2. To detect the latest log-in information, scan the destination host for key activity: On the Hosts page, select the destination host(s), then perform a Key Activity Scan action on them.

    Key Manager starts scan-host-key-activity jobs on the target host(s). Once the jobs finish, the latest key-activity information from the target hosts should be visible in the Key Manager system. You may review the progress of the job(s) on the Logs→Jobs page.

    note

    The default filters set on the Logs→Jobs page hide finished jobs. If the job you are looking for finished before you manage to load the Logs→Jobs page , you will need to remove the default filter to see that job.

  3. All detected key-activity is available on the Logs→SSH Logins page. Here you should verify that your latest logins were recorded. One way to find the correct entries is by sorting the entries according to the Login date column (assuming your test hosts do not get frequent logins, your test logins should correspond to the latest entries). You can then verify that the Login date corresponds to the time of your last login.