(2018-08-17)
Problem
When ssh logs pubkey use at login time, it only logs the key fingerprint. We need to figure out which key was used to log in because presumably from that we can figure out who did the login.
Solution
Shell code:
(
p="$(mktemp)"
cat ~/.ssh/authorized_keys | while IFS="$(printf "\n")" read key; do
echo $key > $p
echo `ssh-keygen -lf $p` `awk '{print $3}' < $p` | awk '{print $2, $5}'
done
rm -f $p
)
(Based on a comment in one of the answers in
source)