Support SSH Keys #8

Open
0x27 opened this issue Oct 28, 2018 · 4 comments

@0x27

0x27 commented Oct 28, 2018

Would be neat to be able to add bad/default SSH keys, for example the ones in the https://github.com/rapid7/ssh-badkeys repo, for a start.

@JustinAzoff
Contributor

Yes! I had been meaning to add this, but I wasn't aware there was a source of leaked keys I could use as an initial test.

It should be fairly easy to add; I think I can just treat them as passwords internally.

@JustinAzoff
Contributor

JustinAzoff commented Oct 30, 2018

I have initial support for this in 2617592.

You have to add a key using something like this:

ssh-auditor cred add -- test "$(cat testing/docker/alpine-sshd-test-key/test.key)"

The output of various commands isn't pretty, but it works. Probably the downside of re-using 'password' to mean 'password or key'.

Looks like I can easily add support for importing directly from a checkout of https://github.com/rapid7/ssh-badkeys/tree/master/authorized. I just need to loop over the directory and grab the 'user' field from the yaml and the key from the .key file. I'm not sure if this is best done inside ssh-auditor or in a standalone script... I already support bulk importing via json or csv... something like this:

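from __future__ import print_function
import glob
import yaml
import json

keys = []

# Each entry is a <name>.yml metadata file with a matching <name>.key file.
for fn in glob.glob("*.yml"):
    keyfile = fn.replace(".yml", ".key")

    # The metadata stores the account name under the ":user" key.
    with open(fn) as f:
        metadata = yaml.safe_load(f)
    user = metadata[":user"]

    # The whole private key file is the credential value.
    with open(keyfile) as f:
        key = f.read()

    # The key goes in the "Password" field, which holds a password or a key.
    keys.append({
        "User": user,
        "Password": key,
    })

# One JSON object per line, for "ssh-auditor cred import json".
for cred in keys:
    print(json.dumps(cred))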

Used like:

ssh-badkeys/authorized$ python export.py  | ssh-auditor  cred import json
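
A defender-side counterpart to the import discussed in this thread, as an added example that is not part of the original issue or of ssh-auditor: it flags `authorized_keys` entries whose public key matches a known-bad key, compared by SHA256 fingerprint. The key lines are constructed in code, and it is an assumption that you have the public halves of the bad keys available as OpenSSH public key lines.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def pubkey_fingerprint(line):
    """SHA256 fingerprint (ssh-keygen -l style) of a public key line, or None."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if not field.startswith(KEY_TYPES):
            continue
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue  # e.g. a key type name quoted inside a command="..." option
        # A real key blob begins with its own length-prefixed type name.
        if blob.startswith(struct.pack(">I", len(field)) + field.encode()):
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None

def load_bad_fingerprints(labelled_lines):
    """Map fingerprint -> label for (label, public key line) pairs."""
    pairs = ((pubkey_fingerprint(line), label) for label, line in labelled_lines)
    return {fp: label for fp, label in pairs if fp}

def audit_authorized_keys(text, bad):
    """Return (line number, fingerprint, label) for entries matching a bad key."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        fp = None if line.lstrip().startswith("#") else pubkey_fingerprint(line)
        if fp in bad:
            hits.append((n, fp, bad[fp]))
    return hits

def sample_pubkey(fill, comment):
    """Constructed ssh-ed25519 line: 32 repeated bytes, not a real key."""
    wire = lambda b: struct.pack(">I", len(b)) + b
    blob = wire(b"ssh-ed25519") + wire(bytes([fill]) * 32)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)

# Constructed data: one "known bad" key and an authorized_keys file that has it.
BAD = load_bad_fingerprints([("vendor-default", sample_pubkey(0x41, "bad"))])
SAMPLE = "\n".join([
    "# constructed authorized_keys",
    sample_pubkey(0x42, "alice@laptop"),
    'command="/bin/backup ssh-ed25519 x",no-pty ' + sample_pubkey(0x41, "appliance"),
    "ssh-ed25519 not-base64!! broken",
])
HITS = audit_authorized_keys(SAMPLE, BAD)
print(HITS)
```

Matching on the decoded key blob rather than the text of the line means a changed comment or an added options prefix does not hide a bad key.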

@syrius01

syrius01 commented Nov 1, 2018

Would be very cool to see ssh key support on this awesome tool. If there could be an argument like "-key /path/to/keys/id_rsa".

Also posting a reply here to be kept in the loop if there is development :)

Thanks

@JustinAzoff
Contributor

@syrius01 Initial ssh key support is implemented now in 0.15. The UX could be better though; right now you need to do this to load a key into the database:

ssh-auditor cred add -- root "$(cat /path/to/keys/id_rsa)"
