matching sshd’s log ‘Accepted publickey for’ to specific public key
journalctl -f or tail -f /var/log/auth.log shows on successful login something like this: that GDF…….somehash………………k is a fingerprint of publish ssh key and matches one of the entries in authorized_keys. which one? will show you fingerprints for all of the existing authorized keys, now you can match it with the log trace of successful login.