-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support SSH Keys #8
Comments
Yes! I had been meaning to add this, but I wasn't aware there was a source of leaked keys I could use as an initial test. It should be fairly easy to add, I think I can just treat them as passwords internally. |
I have an initial support for this in 2617592 You have to add a key using something like this
The output of various commands isn't pretty, but it works. Probably the downside of re-using 'password' to mean 'password or key' Looks like I can easily add support for importing directly from a checkout of https://github.com/rapid7/ssh-badkeys/tree/master/authorized, I just need to loop over the directory and grab the 'user' field from the yaml and the key from the .key file. I'm not sure if this is best done inside ssh-auditor or in a standalone script.... I already support bulk importing via json or csv... something like this
used like
|
Would be very cool to see ssh key support on this awesome tool. If there could be an argument like "-key /path/to/keys/id_rsa". Also posting a reply here to be kept in the loop if there is development :) Thanks |
@syrius01 Initial ssh key support is implemented now in 0.15. The UX could be better though, right now you need to do this to load a key into the database:
|
Would be neat to be able to add bad/default SSH keys, for example the ones in the https://github.com/rapid7/ssh-badkeys repo, for a start.
The text was updated successfully, but these errors were encountered: