Audit OpenSSH private keys for passphrases
Timothy Rice 819e2476f2 Fix typo upholing -> upholding | пре 3 година | |
---|---|---|
.gitignore | пре 4 година | |
LICENSE | пре 4 година | |
Makefile | пре 4 година | |
README.md | пре 3 година | |
key_audit.c | пре 4 година |
Check whether OpenSSH private keys have a passphrase defined on them.
In a shared user setting, it can be desirable to ensure that users are upholding the security of their OpenSSH private keys, by placing passphrases on them. Unfortunately, the OpenSSH command line tools do not offer any convenience methods for merely performing this check. Workarounds exist, but they are less elegant than simply validating an empty passphrase against a given keyfile.
The present program aims to fill this missing functionality.
$ key_audit /home/dummy/.ssh/id_ed25519 && echo good || echo bad
bad
$ grep -rli 'begin.*private key' /home/*/.ssh/ | while read k; do key_audit "$k" || printf "%s\n" "$k"; done
/home/dummy/.ssh/id_ed25519