Utility to scan for unpassworded SSH privkeys?

Dan Mahoney, System Admin danm at prime.gushi.org
Fri May 24 10:19:52 EST 2013


Hey all,

Let's make an assumption:

1) I am a root user on a system.

2) I don't want said system being used as a jumping-off point if either a 
user account or the root account is compromised.

Given an unencrypted private key, plus a known_hosts file, plus 
bash_history, it's a pretty easy avenue of attack once you're in the front 
door.  And it's happened before*.

Thus, what I'd like to do is (in the spirit of crack's "nastygram" 
script), trawl through user .ssh directories and warn users with insecure 
keys (or warn root).

I'm shocked I can't find something that does this with a basic google 
search.  Debian offers their ssh-vulnkey tool, but that checks for 
something different (weak RNG-seeded keys).

Has anyone come across something like this?  Better still, written it?

It seems to me that something like this should be in /contrib, but that's 
just me.

My ears are open.

-Dan

*(http://it.slashdot.org/story/12/11/17/143219/freebsd-project-discloses-security-breach-via-stolen-ssh-key)
http://threatpost.com/apache-site-hacked-through-ssh-key-compromise-082809/

-- 

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------



More information about the openssh-unix-dev mailing list