Support SSH Keys about ssh-auditor HOT 4 OPEN

Yes! I had been meaning to add this, but I wasn't aware there was a source of leaked keys I could use as an initial test.

It should be fairly easy to add, I think I can just treat them as passwords internally.

from ssh-auditor.

I have an initial support for this in 2617592

You have to add a key using something like this

ssh-auditor cred add -- test "$(cat testing/docker/alpine-sshd-test-key/test.key)"

The output of various commands isn't pretty, but it works. Probably the downside of re-using 'password' to mean 'password or key'

Looks like I can easily add support for importing directly from a checkout of https://github.com/rapid7/ssh-badkeys/tree/master/authorized, I just need to loop over the directory and grab the 'user' field from the yaml and the key from the .key file. I'm not sure if this is best done inside ssh-auditor or in a standalone script.... I already support bulk importing via json or csv... something like this

from __future__ import print_function
import glob
import yaml
import json

keys = []

for fn in glob.glob("*.yml"):
    keyfile = fn.replace(".yml", ".key")

    with open(fn) as f:
        metadata = yaml.safe_load(f)
    user = metadata[":user"]

    with open(keyfile) as f:
        key = f.read()

    keys.append({
        "User": user,
        "Password": key,
    })

for cred in keys:
    print(json.dumps(cred))

used like

ssh-badkeys/authorized$ python export.py  | ssh-auditor  cred import json

from ssh-auditor.

Would be very cool to see ssh key support on this awesome tool. If there could be an argument like "-key /path/to/keys/id_rsa".

Also posting a reply here to be kept in the loop if there is development :)

Thanks

from ssh-auditor.

@syrius01 Initial ssh key support is implemented now in 0.15. The UX could be better though, right now you need to do this to load a key into the database:

ssh-auditor cred add -- root "$(cat /path/to/keys/id_rsa)"

from ssh-auditor.