To see whether a Linux user is logged in with a key or a password, you can obtain information by checking the system log files. In the CentOS 7 system, system logs are usually stored in the /var/log directory, mainly including secure log files.
Here are the steps to determine whether a user logged in with a key or a password by looking at the secure log file:
- Open a terminal or SSH to connect to the CentOS 7 system.
- Switch to administrator status using root privileges or the sudo command.
- Open the secure log file with the following command:
If you want to search for keywords directly, you can use the grep command:less /var/log/secure
grep "sshd" /var/log/secure
- In the secure log file, a line similar to the following can be found:
The first line indicates that the user has successfully logged in through the key, and the second line indicates that the user has successfully logged in through the password.<日期> <时间> <主机名> sshd[<进程ID>]: Accepted publickey for <用户名> from <IP地址> port <端口号> ssh2: RSA SHA256:<密钥指纹> <日期> <时间> <主机名> sshd[<进程ID>]: Accepted password for <用户名> from <IP地址> port <端口号> ssh2
By looking at the secure log file, you can see whether the user logged in with a key or a password. Note that if log files are regularly cleaned or rotated, some logs may be deleted or moved to another location.