Skip to content

Gives an overview of all authorized keys on your linux server and their usage

License

Notifications You must be signed in to change notification settings

syxolk/ssh-keycheck

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ssh-keycheck

Build Status Coverage Status Go Report Card

ssh-keycheck is a tool that gives you a quick overview of all authorized ssh keys on your server and their last use and usage count. This may be helpful for manual key expiration.

This tool does not attempt to change anything. All files are opened in read-only mode.

Installation

Download the latest package from the releases page.

tar xvf ssh-keycheck.tar.gz
sudo cp ssh-keycheck /usr/local/bin

# Add setuid flag to allow execution of ssh-keycheck without sudo
sudo chown root:root /usr/local/bin/ssh-keycheck
sudo chmod u+s /usr/local/bin/ssh-keycheck

Please inform yourself about setuid before setting it.

Usage

~$ ssh-keycheck -help
Usage of ssh-keycheck:
  -csv
        Print table as CSV (RFC 4180) using RFC 3339 for dates
  -fingerprint-md5
        Show fingerprint (MD5) column
  -fingerprint-sha256
        Show fingerprint (SHA256) column
  -help
        Show help and exit
  -insecure
        List only insecure keys
  -secure
        List only secure keys
  -unused int
        List only keys more than x days not used
  -used int
        List only keys used in the last x days
  -user string
        List only keys with matching user name
  -version
        Show version and exit
~$ ssh-keycheck
USER  COMMENT           TYPE      SECURITY  LAST USE       COUNT  LAST IP
root  rsa-key-20170101  RSA-4096  ok        never              -  -
root  rsa-key-20170102  DSA       insecure  9 minutes ago      3  10.0.0.10

Found 2 keys from 1 user. 1 key is insecure.

How does it work?

  • Read all users from /etc/passwd
  • Read ~/.ssh/authorized_keys file from each user's home directory
  • Read all /var/log/auth.log* files and search for Accepted publickey
  • Match public keys to logs

You may need to change your /etc/ssh/sshd_config in order to enable the required log messages:

LogLevel VERBOSE

Why does it require root?

The log files under /var/log require root rights.

Development

Requires a recent Go version (only tested with Go >=1.9)

go get github.com/syxolk/ssh-keycheck

Concurrent execution

execution graph

Algorithm security

The column SECURITY gives a hint whether the key algorithm is insecure or became deprecated. The following algorithms are currently considered insecure: