Audit OpenSSH private keys for passphrases
Timothy Rice
819e2476f2
Fix typo upholing -> upholding
|
2 years ago | |
|---|---|---|
| .gitignore | 3 years ago | |
| LICENSE | 3 years ago | |
| Makefile | 3 years ago | |
| README.md | 2 years ago | |
| key_audit.c | 3 years ago |
README.md
OpenSSH Key Auditor
Check whether OpenSSH private keys have a passphrase defined on them.
Motivation
In a shared user setting, it can be desirable to ensure that users are upholding the security of their OpenSSH private keys, by placing passphrases on them. Unfortunately, the OpenSSH command line tools do not offer any convenience methods for merely performing this check. Workarounds exist, but they are less elegant than simply validating an empty passphrase against a given keyfile.
The present program aims to fill this missing functionality.
Example Usage
$ key_audit /home/dummy/.ssh/id_ed25519 && echo good || echo bad
bad
$ grep -rli 'begin.*private key' /home/*/.ssh/ | while read k; do key_audit "$k" || printf "%s\n" "$k"; done
/home/dummy/.ssh/id_ed25519