Utility to scan for unpassworded SSH privkeys?

Darren Tucker dtucker at zip.com.au
Fri May 24 11:20:38 EST 2013


On Thu, May 23, 2013 at 05:19:52PM -0700, Dan Mahoney, System Admin wrote:
> Thus, what I'd like to do is (in the spirit of crack's "nastygram"
> script), trawl through user .ssh directories and warn users with
> insecure keys (or warn root).

The key files are PEM format PKCS#8 and you can use openssl to test
whether or not the private keys need a passphrase:

$ openssl rsa -in id_rsa_nopass -passin pass: -noout 2>/dev/null ; echo $?
0

$ openssl rsa -in id_rsa_pass -passin pass: -noout 2>/dev/null ; echo $?
1

You can't tell by inspection of the authorized_keys file (it wasn't
clear if that's what you wanted).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
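As an added example (not from this post or from OpenSSH), here is a scanner of the kind Dan asked for, written in Python. Instead of attempting a decryption with openssl as above, it inspects each key file's headers, which needs no openssl and also covers PKCS#8 and the newer openssh-key-v1 container format; the home-directory layout /home/<user>/.ssh and the fixtures at the bottom are assumptions, and the fixtures are constructed, not real keys.

```python
import base64, os, struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"   # 15 bytes; a length-prefixed cipher name follows it

def key_is_unprotected(data):
    # True: private key with no passphrase; False: passphrase-protected; None: not a key
    lines = data.strip().splitlines()
    first = lines[0] if lines else b""
    if first == b"-----BEGIN OPENSSH PRIVATE KEY-----":   # native format: cipher "none" = no passphrase
        blob = base64.b64decode(b"".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < 19:
            return None
        n = struct.unpack(">I", blob[15:19])[0]
        return blob[19:19 + n] == b"none"
    if first == b"-----BEGIN ENCRYPTED PRIVATE KEY-----":   # PKCS#8, PBES-encrypted
        return False
    if first == b"-----BEGIN PRIVATE KEY-----":             # PKCS#8, cleartext
        return True
    if first.startswith(b"-----BEGIN ") and first.endswith(b" PRIVATE KEY-----"):
        # traditional PEM (RSA/DSA/EC): encrypted only if a Proc-Type header says so
        return not any(l.startswith(b"Proc-Type: 4,ENCRYPTED") for l in lines[1:4])
    return None

def scan_home_dirs(root="/home"):
    # (user, path) for every unpassworded private key under root/<user>/.ssh;
    # run as root, otherwise other users' key files are unreadable and get skipped
    findings = []
    for user in sorted(os.listdir(root)):
        sshdir = os.path.join(root, user, ".ssh")
        for name in sorted(os.listdir(sshdir)) if os.path.isdir(sshdir) else []:
            path = os.path.join(sshdir, name)
            if name.endswith(".pub") or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as f:
                    unprotected = key_is_unprotected(f.read(65536))  # keys are small; cap the read
            except (OSError, ValueError):   # unreadable, or a PEM body that is not valid base64
                continue
            if unprotected:
                findings.append((user, path))
    return findings

# Constructed fixtures, truncated to the fields the checker reads (not real keys).
def _openssh(cipher):
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher
    return b"-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.encodebytes(blob) + b"-----END OPENSSH PRIVATE KEY-----\n"
SAMPLE_OPENSSH_NOPASS, SAMPLE_OPENSSH_PASS = _openssh(b"none"), _openssh(b"aes256-ctr")
SAMPLE_RSA_NOPASS = b"-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_RSA_PASS = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                   b"DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\nMIIEowIBAAKCAQEA\n"
                   b"-----END RSA PRIVATE KEY-----\n")
```

Calling scan_home_dirs() as root and mailing each (user, path) pair is the "nastygram" step; the header check is a heuristic, so a key that passes it can still be confirmed with the openssl command above.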

