-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathanalyze-ssh-private-key
More file actions
executable file
·128 lines (112 loc) · 3.99 KB
/
Copy pathanalyze-ssh-private-key
File metadata and controls
executable file
·128 lines (112 loc) · 3.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
#!/usr/bin/env python3
import json
import os
import subprocess
import sys
from getpass import getpass
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa, dsa, ec, ed25519
__doc__ = f"""
USAGE
{os.path.basename(__file__)} <private-key-file-path>
DESCRIPTION
Analyzes an SSH private key. It extracts the public key, comment, and key
details. It then attempts to authenticate to specific hosts to see if the
key is active on those platforms.
"""
def analyze(key_file_path):
results = {
"valid": False,
"analysis": {"access": {}},
}
try:
proc = subprocess.run(
["ssh-keygen", "-y", "-f", key_file_path],
capture_output=True,
text=True,
check=True,
)
results["valid"] = None
results["analysis"]["public_key"] = proc.stdout.strip()
except Exception as e:
results["error"] = f"Failed to parse key: {e}"
return results
# Test against Git providers
providers = [
"github.com",
"gitlab.com",
"bitbucket.org",
"codeberg.org",
"git.sr.ht",
# This FPs a lot. Need to figure out a better solution
# "ssh.dev.azure.com",
# "source.developers.google.com",
"git-codecommit.us-east-1.amazonaws.com",
"git-codecommit.us-east-2.amazonaws.com",
"git-codecommit.us-west-1.amazonaws.com",
"git-codecommit.us-west-2.amazonaws.com",
"git-codecommit.af-south-1.amazonaws.com",
"git-codecommit.ap-east-1.amazonaws.com",
"git-codecommit.ap-south-1.amazonaws.com",
"git-codecommit.ap-south-2.amazonaws.com",
"git-codecommit.ap-northeast-1.amazonaws.com",
"git-codecommit.ap-northeast-2.amazonaws.com",
"git-codecommit.ap-northeast-3.amazonaws.com",
"git-codecommit.ap-southeast-1.amazonaws.com",
"git-codecommit.ap-southeast-2.amazonaws.com",
"git-codecommit.ap-southeast-3.amazonaws.com",
"git-codecommit.ca-central-1.amazonaws.com",
"git-codecommit.eu-central-1.amazonaws.com",
"git-codecommit.eu-west-1.amazonaws.com",
"git-codecommit.eu-west-2.amazonaws.com",
"git-codecommit.eu-west-3.amazonaws.com",
"git-codecommit.eu-north-1.amazonaws.com",
"git-codecommit.eu-south-1.amazonaws.com",
"git-codecommit.il-central-1.amazonaws.com",
"git-codecommit.me-south-1.amazonaws.com",
"git-codecommit.me-central-1.amazonaws.com",
"git-codecommit.sa-east-1.amazonaws.com",
"git-codecommit.us-gov-east-1.amazonaws.com",
"git-codecommit.us-gov-west-1.amazonaws.com",
]
for provider in providers:
user = "git"
# Bitbucket uses 'git' as the user for SSH auth checks
command = [
"ssh",
"-T",
"-F",
"/dev/null",
"-o",
"IdentitiesOnly=yes",
"-o",
"PasswordAuthentication=no",
"-o",
"StrictHostKeyChecking=no",
"-o",
"LogLevel=ERROR",
"-i",
key_file_path,
f"{user}@{provider}",
]
try:
proc = subprocess.run(command, capture_output=True, text=True, timeout=10)
auth_success = "denied" not in proc.stderr.lower()
if auth_success:
results["valid"] = True
results["analysis"]["access"][provider] = {
"stdout": proc.stdout.strip(),
"stderr": proc.stderr.strip(),
"exit_code": proc.returncode,
}
except Exception as e:
results["analysis"]["access"][provider] = {
"error": "connection timeout",
}
return results
if __name__ == "__main__":
if len(sys.argv) != 2:
print(__doc__, file=sys.stderr)
sys.exit(1)
results = analyze(sys.argv[1])
print(json.dumps(results, indent=2))