sshkey-audit

Version: v0.0.0-...-fe519f3
Published: Oct 26, 2022 License: Apache-2.0 Imports: 14 Imported by: 0

README

Moved to github.com/ThomasHabets/sshkey-audit

sshkey-audit

This is not an official Google product.

Example

$ cat keys.txt
ssh-rsa AAAAAhuteonhuneo… my-awesome-laptop
ssh-rsa AAAAhtuhsotiesi…  carol@my-desktop
ssh-rsa AAAAhtuhutnuheo…  corp@work-laptop
ssh-rsa AAAAhtuhuueoueo…  my-manager@their-work-laptop

$ cat groups.txt
home    my-awesome-laptop carol@my-desktop
work    corp@work-laptop  my-manager@their-work-laptop
laptops my-awesome-laptop corp@work-laptop

$ cat accounts.txt
alice@home.local                                  @home
bob@foo.example.com                               @work
carol@my-deskop.lan                               @laptops  carol@my-desktop
irc@my-irc.shell                                  @home @work @laptops
admin@my-router.lan:/etc/dropbear/authorized_keys @home

$ go get github.com/sirupsen/logrus
$ go build sshkey-audit.go
$ ./sshkey-audit --keys=keys.txt --groups=groups.txt --accounts=accounts.txt expand
alice@home.local
  carol@my-desktop
  my-awesome-laptop
bob@foo.example.com
  corp@work-laptop
  my-awesome-laptop
  my-manager@their-work-laptop
carol@my-deskop.lan
  carol@my-desktop
  corp@work-laptop
  my-awesome-laptop
irc@my-irc.shell
  carol@my-desktop
  corp@work-laptop
  my-awesome-laptop
admin@my-router.lan
  carol@my-desktop
  my-awesome-laptop

$ ./sshkey-audit --keys=keys.txt --groups=groups.txt --accounts=accounts.txt check
[… tool logs in to all accounts and checks that this is correct …]

$ ./sshkey-audit --keys=keys.txt --groups=groups.txt --accounts=accounts.txt --add_missing check
[… tool logs in to all accounts and adds any missing keys  …]

$ ./sshkey-audit --keys=keys.txt --groups=groups.txt --accounts=accounts.txt --delete_extra check
[… tool logs in to all accounts and deletes any extraneous keys  …]

$ # the 'fix' command is equal to 'check' with --add_missing and --delete_extra.

Adding the carol@my-desktop key to the carol@my-desktop.lan account, so that the machine can log in to itself, is sometimes useful because it allows ssh localhost.
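The comparison that check, --add_missing and --delete_extra depend on can be sketched as follows. This is an added example, not sshkey-audit's own code: parseKey and audit are hypothetical names, the key blobs are constructed placeholders, and matching on key material rather than on the comment is an assumption about how such an audit should compare keys.

```go
package main

import "fmt"
import "strings"

// parseKey returns "type base64" from a keys.txt or authorized_keys line and
// its comment. A leading options field is skipped (quoted spaces unsupported).
func parseKey(line string) (blob, comment string, ok bool) {
	f := strings.Fields(line)
	for i := 0; i+1 < len(f); i++ {
		if strings.HasPrefix(f[i], "ssh-") || strings.HasPrefix(f[i], "ecdsa-") {
			return f[i] + " " + f[i+1], strings.Join(f[i+2:], " "), true
		}
	}
	return "", "", false
}

// audit matches on key material, not the comment; expected is keys.txt-style lines.
func audit(expected []string, authorizedKeys string) (missing, extra []string) {
	want, seen := map[string]bool{}, map[string]bool{}
	for _, line := range expected {
		if blob, _, ok := parseKey(line); ok {
			want[blob] = true
		}
	}
	for _, line := range strings.Split(authorizedKeys, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if blob, _, ok := parseKey(line); ok && want[blob] {
			seen[blob] = true
		} else {
			extra = append(extra, line) // unknown or unparseable: report it
		}
	}
	for _, line := range expected {
		if blob, name, ok := parseKey(line); ok && !seen[blob] {
			missing = append(missing, name)
		}
	}
	return missing, extra
}

func main() { // constructed sample data; the key blobs are placeholders
	expected := []string{"ssh-rsa AAAAconstructedA my-awesome-laptop", "ssh-rsa AAAAconstructedB carol@my-desktop"}
	onHost := "from=\"192.0.2.7\" ssh-rsa AAAAconstructedA old-name\nssh-ed25519 AAAAconstructedC stranger@somewhere\n"
	fmt.Println(audit(expected, onHost))
}
```

A key whose comment was changed on the host still counts as present, while a line that does not parse is reported as extra so that it gets reviewed.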

Documentation

Overview

Copyright 2018 Google Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
