Utility to scan for unpassworded SSH privkeys?

Dan Mahoney, System Admin danm at prime.gushi.org
Fri May 24 11:31:10 EST 2013


On Fri, 24 May 2013, Darren Tucker wrote:

> On Thu, May 23, 2013 at 05:19:52PM -0700, Dan Mahoney, System Admin wrote:
>> Thus, what I'd like to do is (in the spirit of crack's "nastygram"
>> script), trawl through user .ssh directories and warn users with
>> insecure keys (or warn root).
>
> The key files are PEM format PKCS#8 and you can use openssl to test
> whether or not the private keys need a passphrase:
>
> $ openssl rsa -in id_rsa_nopass -passin pass: -noout 2>/dev/null ; echo $?
> 0
>
> $ openssl rsa -in id_rsa_pass -passin pass: -noout 2>/dev/null ; echo $?
> 1
>
> You can't tell by inspection of the authorized_keys file (it wasn't
> clear if that's what you wanted).

No, I knew that and wanted what you specified.  Thanks for this.  This is 
workable into something basic.

-Dan

-- 

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
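Darren's openssl one-liner tests a single key; the script below is an added example (not from either poster, and not part of OpenSSH) of the kind of scanner Dan describes: it walks `<home_root>/<user>/.ssh`, classifies each private key by inspecting its format, and reports the ones stored without a passphrase so that root can warn the owner. It goes slightly beyond the thread in that it also recognises the newer `openssh-key-v1` format (unencrypted when the embedded cipher name is `none`) alongside PKCS#8 and legacy PEM, and it does so by parsing headers rather than shelling out to `openssl`. The home-directory layout, the `demo()` sample tree and the key blobs it builds are all constructed for illustration; the blobs carry only the prefix needed for classification and are not usable keys.

```python
"""Scan ~user/.ssh directories for private keys stored without a passphrase.

Added example. Assumes a Unix-like layout of <home_root>/<user>/.ssh and
classifies keys by inspecting the on-disk format instead of calling openssl.
"""
import base64
import struct
import sys
import tempfile
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\x00"
SKIP_NAMES = {"authorized_keys", "known_hosts", "config", "environment", "rc"}


def _read_string(blob: bytes, offset: int):
    """Read one SSH wire-format string (uint32 big-endian length + bytes)."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    return blob[start:start + length], start + length


def classify_key(data: bytes) -> str:
    """Return 'encrypted', 'unencrypted', 'malformed' or 'not-a-private-key'."""
    text = data.decode("ascii", errors="replace")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "not-a-private-key"
    header = lines[0]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # New OpenSSH format: base64 body starting with the magic, then the
        # cipher name as a wire-format string; "none" means no passphrase.
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        try:
            blob = base64.b64decode(body, validate=True)
        except ValueError:
            return "malformed"
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < len(OPENSSH_MAGIC) + 4:
            return "malformed"
        cipher, _ = _read_string(blob, len(OPENSSH_MAGIC))
        return "unencrypted" if cipher == b"none" else "encrypted"
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "encrypted"        # PKCS#8, passphrase-protected
    if header == "-----BEGIN PRIVATE KEY-----":
        return "unencrypted"      # PKCS#8, no passphrase
    if header.endswith(" PRIVATE KEY-----"):
        # Legacy PEM (RSA/DSA/EC): encryption is signalled by a Proc-Type header.
        encrypted = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
        return "encrypted" if encrypted else "unencrypted"
    return "not-a-private-key"


def scan_ssh_dirs(home_root: Path):
    """Return [(user, path)] for every unpassworded private key found."""
    findings = []
    for ssh_dir in sorted(home_root.glob("*/.ssh")):
        for path in sorted(ssh_dir.iterdir()):
            if not path.is_file() or path.suffix == ".pub" or path.name in SKIP_NAMES:
                continue
            if classify_key(path.read_bytes()) == "unencrypted":
                findings.append((ssh_dir.parent.name, path))
    return findings


# --- constructed sample data for the demo (not real keys) -------------------
def make_openssh_blob(cipher: bytes) -> bytes:
    """Prefix of an openssh-key-v1 blob: magic + ciphername + kdfname only."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    return OPENSSH_MAGIC + s(cipher) + s(b"none" if cipher == b"none" else b"bcrypt")


def pem_wrap(label: str, blob: bytes, extra_headers=()) -> bytes:
    b64 = base64.b64encode(blob).decode()
    lines = [f"-----BEGIN {label}-----", *extra_headers,
             *(b64[i:i + 70] for i in range(0, len(b64), 70)), f"-----END {label}-----"]
    return ("\n".join(lines) + "\n").encode()


def demo():
    """Build a constructed home tree in a temp dir and scan it."""
    samples = {
        "alice/.ssh/id_ed25519": pem_wrap("OPENSSH PRIVATE KEY", make_openssh_blob(b"none")),
        "alice/.ssh/id_ed25519.pub": b"ssh-ed25519 AAAA... alice\n",
        "bob/.ssh/id_rsa": pem_wrap("RSA PRIVATE KEY", b"\x30\x00",
                                    ["Proc-Type: 4,ENCRYPTED",
                                     "DEK-Info: AES-128-CBC,00000000000000000000000000000000", ""]),
        "carol/.ssh/id_rsa": pem_wrap("RSA PRIVATE KEY", b"\x30\x00"),
        "carol/.ssh/authorized_keys": b"ssh-rsa AAAA... carol\n",
        "dave/.ssh/backup.key": pem_wrap("OPENSSH PRIVATE KEY", make_openssh_blob(b"aes256-ctr")),
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, content in samples.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(content)
        return [(user, path.name) for user, path in scan_ssh_dirs(root)]


if __name__ == "__main__":
    home_root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path("/home")
    for user, path in scan_ssh_dirs(home_root):
        print(f"WARNING: {user}: {path} is a private key with no passphrase", file=sys.stderr)
```

Run as root against the real home root (`python3 scan_keys.py /home`) to get one warning line per unprotected key; the `demo()` function exercises the same scanner on a constructed tree and reports alice's new-format key and carol's legacy PEM key while leaving bob's and dave's passphrase-protected keys alone. Header inspection is a fast first pass; Darren's `openssl rsa -passin pass:` check remains the definitive test for PEM/PKCS#8 files whose headers might have been hand-edited.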
