Cheat Sheets

SSH - Inventory

Description

Inventory-only scanner that fuzzily guesses SSH key equivalencies from the comment field of each user's authorized_keys file. It recognizes every non-revoked key whose comment contains an @ (the user@host form ssh-keygen writes by default) and fuzzy-matches the host part to known FQDNs.

Check Script: ssh-key-inventory.sh

#!/bin/bash
# result_network_edge is supplied by the scanning framework that sources this check.

fqdn=$(hostname -f)
# Regular (non-system) accounts only: UID 1000 up to, but excluding, nobody (65534).
users=$(getent passwd | awk -F: '{if(($3 >= 1000) && ($3 < 65534)) { print $1 }}')

for u in $users; do
  homedir=$(getent passwd "$u" | cut -d: -f 6)
  afile="${homedir}/.ssh/authorized_keys"
  if [ -f "${afile}" ]; then
    # Each line of the pipeline below yields "user host": the comment field of a
    # non-revoked key, split at its @.
    while read -r user host; do
      # Track once for inbound host
      result_network_edge "Key Equivalency" "$u" "$fqdn" high "${user}@${host}" high in 1

      # Track once for originating host
      result_network_edge "Key Equivalency" "$host" "${user}@${host}" high "$fqdn" high out 1
    done < <( grep -v "^@revoked" "$afile" | sed "s/.* //" | grep "@" | sed "s/@/ /" )
  fi
done

Note: the "${user}@${host}" arguments and the grep "@" filter are reconstructed from text that had been mangled by e-mail obfuscation on the page; the surrounding read user host loop and the description fix their meaning.
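As an added example (not part of the cheat sheet or its framework), the same inference as a stand-alone, offline-testable shell function: it prints the in/out edges the check script would record instead of calling result_network_edge. It goes slightly beyond the script: it locates the key-type token so option prefixes and comments with trailing words are handled (the script's sed "s/.* //" keeps only the last word of a comment), and it skips every @-marker line, not just @revoked, so @cert-authority entries are not mistaken for user keys. The sample authorized_keys content, user and FQDN are constructed values.

```shell
#!/bin/sh
# Constructed sample authorized_keys (fake key blobs): a plain key, one with an
# option prefix, a revoked marker line, one without user@host, and one whose
# comment carries extra words after user@host.
SAMPLE_AUTHORIZED_KEYS='ssh-ed25519 AAAAexamplekey1 bob@web1.example.com
restrict,from="10.0.0.0/8" ssh-rsa AAAAexamplekey2 deploy@ci.example.com
@revoked ssh-ed25519 AAAAexamplekey3 mallory@old.example.com
ssh-ed25519 AAAAexamplekey4 backup-key
ssh-ed25519 AAAAexamplekey5 carol@app2.example.com from laptop'

# authorized_keys_key_edges LOCAL_USER LOCAL_FQDN < authorized_keys
# Prints one line per inferred key-equivalency edge (format chosen here):
#   in  LOCAL_USER LOCAL_FQDN REMOTE_USER@REMOTE_HOST
#   out REMOTE_HOST REMOTE_USER@REMOTE_HOST LOCAL_FQDN
authorized_keys_key_edges() {
    awk -v u="$1" -v f="$2" '
        /^[ \t]*$/ { next }        # blank line
        /^[ \t]*[#@]/ { next }     # comment, @revoked or @cert-authority marker
        {
            # Find the key-type field; the base64 blob follows it, then the comment.
            t = 0
            for (i = 1; i <= NF; i++) if ($i ~ /^(ssh-|ecdsa-|sk-)/) { t = i; break }
            if (t == 0 || NF < t + 2) next
            # First comment token must look like user@host to count as a hint.
            cand = $(t + 2)
            if (cand !~ /^[^@]+@[^@]+$/) next
            n = index(cand, "@")
            host = substr(cand, n + 1)
            printf "in %s %s %s\n", u, f, cand
            printf "out %s %s %s\n", host, cand, f
        }'
}

# Run against the constructed sample as user alice on db1.example.com.
printf '%s\n' "$SAMPLE_AUTHORIZED_KEYS" | authorized_keys_key_edges alice db1.example.com
```

The revoked and comment-less entries produce no edges; the other three each yield an inbound and an outbound edge.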