Support SSH Keys

Open 0x27 opened this issue 6 years ago • 4 comments

Would be neat to be able to add bad/default SSH keys, for example the ones in the https://github.com/rapid7/ssh-badkeys repo, for a start.

0x27, Oct 28 '18 10:10

Yes! I had been meaning to add this, but I wasn't aware there was a source of leaked keys I could use as an initial test.

It should be fairly easy to add; I think I can just treat them as passwords internally.

JustinAzoff, Oct 29 '18 23:10

I have initial support for this in 2617592149453c47fb2f0aa026b4b2fe2aaaf61e

You have to add a key using something like this:

ssh-auditor cred add -- test "$(cat testing/docker/alpine-sshd-test-key/test.key)"

The output of various commands isn't pretty, but it works. Probably the downside of re-using 'password' to mean 'password or key'

Looks like I can easily add support for importing directly from a checkout of https://github.com/rapid7/ssh-badkeys/tree/master/authorized, I just need to loop over the directory and grab the 'user' field from the yaml and the key from the .key file. I'm not sure if this is best done inside ssh-auditor or in a standalone script... I already support bulk importing via json or csv... something like this:

from __future__ import print_function
import glob
import yaml
import json

keys = []

for fn in glob.glob("*.yml"):
    keyfile = fn.replace(".yml", ".key")

    with open(fn) as f:
        metadata = yaml.safe_load(f)
    user = metadata[":user"]

    with open(keyfile) as f:
        key = f.read()

    keys.append({
        "User": user,
        "Password": key,
    })

for cred in keys:
    print(json.dumps(cred))

used like

ssh-badkeys/authorized$ python export.py | ssh-auditor cred import json

JustinAzoff, Oct 30 '18 01:10
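
An added example, not part of the thread and not ssh-auditor's own code: a variant of the export script above that validates each .yml/.key pair before emitting the User/Password JSON lines, so incomplete or malformed entries are reported instead of landing in the credential database. It assumes the metadata carries the user on a line of the form `:user: name` and reads it with a regular expression rather than a YAML parser; the function names are hypothetical.

```python
import json
import re
import sys
from pathlib import Path

# Assumption: the metadata file has a line of the form ":user: name".
USER_RE = re.compile(r"^:user:\s*(\S+)\s*$", re.MULTILINE)
# Matches RSA/DSA/EC/OPENSSH and PKCS#8 private key PEM headers.
PEM_RE = re.compile(r"-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----")


def collect_creds(directory):
    """Return (creds, skipped) for every *.yml/*.key pair in directory."""
    creds, skipped, seen = [], [], set()
    for meta in sorted(Path(directory).glob("*.yml")):
        keyfile = meta.with_suffix(".key")
        match = USER_RE.search(meta.read_text())
        if match is None:
            skipped.append((meta.name, "no :user field"))
            continue
        if not keyfile.is_file():
            skipped.append((meta.name, "missing .key file"))
            continue
        key = keyfile.read_text()
        if not PEM_RE.search(key):
            skipped.append((meta.name, "not a PEM private key"))
            continue
        user = match.group(1).strip("'\"")
        if (user, key) in seen:
            skipped.append((meta.name, "duplicate user/key pair"))
            continue
        seen.add((user, key))
        # Same field names as the script in the post: the key goes in "Password".
        creds.append({"User": user, "Password": key})
    return creds, skipped


def main(directory="."):
    creds, skipped = collect_creds(directory)
    for cred in creds:
        print(json.dumps(cred))  # one JSON object per line on stdout
    for name, reason in skipped:
        print("skipped %s: %s" % (name, reason), file=sys.stderr)


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else ".")
```

Skipped entries go to stderr, so stdout can still be piped to `ssh-auditor cred import json` as in the post.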

Would be very cool to see ssh key support on this awesome tool. If there could be an argument like "-key /path/to/keys/id_rsa".

Also posting a reply here to be kept in the loop if there is development :)

Thanks

syrius01, Nov 01 '18 01:11

@syrius01 Initial ssh key support is implemented now in 0.15. The UX could be better though; right now you need to do this to load a key into the database:

ssh-auditor cred add -- root "$(cat /path/to/keys/id_rsa)"

JustinAzoff, Nov 05 '18 13:11