Last active
July 5, 2021 18:35
-
-
Save niltonvasques/095b77b7df72a7884cd43c53258e69f6 to your computer and use it in GitHub Desktop.
Easily identify the accepted SSH Logins in a Linux Host - bash < <(curl -s -L https://git.io/Jc6hV)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# ssh_sha256_owners.txt file should be generated by finding the SHA256 fingerprint | |
# for each line present inside .ssh/authorized_keys with | |
# ssh-keygen -lf /tmp/user_key.pub >> ssh_sha256_owners.txt | |
RED='\033[0;31m' | |
GREEN='\033[0;32m' | |
NC='\033[0m' # No Color | |
EMPTY=" " | |
AUTH_FILE=/var/log/auth.log* | |
LOGINS=$(grep 'Accepted publickey' $AUTH_FILE) | |
while IFS= read -r line | |
do | |
echo "$line" | |
key=$(echo "$line" | grep "SHA256.*" -o) | |
grep $key ssh_sha256_owners.txt --color=auto | |
done < <(printf '%s\n' "$LOGINS") | |
echo "All accepted keys found: " | |
LOGINS=$(grep 'Accepted publickey' $AUTH_FILE | grep "SHA256.*" -o | sort | uniq) | |
while IFS= read -r line | |
do | |
echo "$line" | |
grep "$line" ssh_sha256_owners.txt --color=auto | |
if [ $? != 0 ]; then | |
printf "${RED}SSH KEY NOT FOUND IN THE WHITELIST !!!${NC}\n" | |
fi | |
done < <(printf '%s\n' "$LOGINS") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment