From 2e7a1bf61b666c8c5c7568648ff780c5911be603 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9s=20Felipe=20Marulanda=20Hern=C3=A1ndez?=
Date: Wed, 26 Feb 2025 17:32:40 +0000
Subject: [PATCH] Update ssh_key_checks
---
 ssh_key_checks | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/ssh_key_checks b/ssh_key_checks
index ca5d10f..e7fcabd 100644
--- a/ssh_key_checks
+++ b/ssh_key_checks
@@ -64,7 +64,7 @@ echo "--------------------------------------"
 # Buscar archivos de claves SSH en todo el sistema
 echo "🔍 Buscando archivos de claves SSH en todo el sistema..."
 echo "------------------------------------------------------------"
-printf "%-20s %-50s %-10s %-15s %-10s\n" "Usuario" "Ruta del archivo" "Permisos" "SSH Habilitado" "Llaves"
+printf "%-20s %-50s %-10s %-15s %-10s %-5s\n" "Usuario" "Ruta del archivo" "Permisos" "SSH Habilitado" "Llaves" "Estado"
 echo "------------------------------------------------------------"
 KEY_FILES=$(find / -type f \( -name "authorized_keys" -o -name "*.pub" -o -name "*id_rsa*" -o -name "*id_ed25519*" \) 2>/dev/null)
@@ -87,11 +87,21 @@ while IFS=: read -r username _ _ _ _ homedir _; do
 file_owner=$(stat -c "%U" "$key_file" 2>/dev/null)
 if [[ "$file_owner" == "$username" ]]; then
 permisos=$(stat -c "%a" "$key_file")
- num_llaves=$(grep -E -c "^(ssh-rsa|ssh-ed25519)" "$key_file" 2>/dev/null)
+ num_llaves=$(grep -E -c "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)" "$key_file" 2>/dev/null)
+
+ # Determinar tipo de llave
+ estado_icono=""
+ if grep -q "ssh-ed25519" "$key_file" 2>/dev/null; then
+ estado_icono="✅"
+ elif grep -q "ssh-rsa" "$key_file" 2>/dev/null; then
+ estado_icono="⚠️"
+ else
+ estado_icono="❌"
+ fi
 if [[ $num_llaves -gt 0 ]]; then
 user_has_keys=1
- user_keys_paths+=("$key_file;$permisos;$num_llaves")
+ user_keys_paths+=("$key_file;$permisos;$num_llaves;$estado_icono")
 fi
 fi
 done
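Review bot: The status check added in the second hunk grades a file by the strongest key type it mentions rather than the weakest: `grep -q "ssh-ed25519"` is tested first and is unanchored, so an `authorized_keys` holding both an Ed25519 and an RSA key is reported as ✅, and the string also matches inside a key comment. The ECDSA types that the widened `num_llaves` pattern now counts fall through to `else` and get ❌, which reads the same as "no recognised key", while `ssh-dss` lines and lines that begin with options such as `from=` are still not counted, so a file containing only those never reaches the report. I would anchor the patterns and test from weakest to strongest, keeping the icon scale the commit already uses, and add a comment saying what each icon means, since the type string alone says nothing about RSA key size. The enclosing `while` loop starts and ends outside the hunk.

```shell
# … unchanged: file_owner / permisos / num_llaves …

# Status reflects the weakest key type present in the file; patterns are
# anchored to the start of the line so text in a key comment cannot match.
if grep -Eq '^ecdsa-sha2-nistp(256|384|521) ' "$key_file" 2>/dev/null; then
  estado_icono="❌"
elif grep -Eq '^ssh-rsa ' "$key_file" 2>/dev/null; then
  estado_icono="⚠️"
else
  # Reached with num_llaves > 0 only when every counted line is ssh-ed25519;
  # entries with num_llaves = 0 are dropped by the guard below.
  estado_icono="✅"
fi

# … unchanged: num_llaves > 0 guard and user_keys_paths+= …
```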
@@ -124,18 +134,18 @@ while IFS=: read -r username _ _ _ _ homedir _; do
 done
 fi
- # Mostrar en pantalla solo si hay llaves válidas
+ # Si hay llaves, mostrar la información
 if [[ ${#user_keys_paths[@]} -gt 0 ]]; then
 first_entry=1
 total_keys=0
 for key_entry in "${user_keys_paths[@]}"; do
- IFS=";" read -r key_path permisos num_llaves <<< "$key_entry"
+ IFS=";" read -r key_path permisos num_llaves estado_icono <<< "$key_entry"
 total_keys=$((total_keys + num_llaves))
 if [[ $first_entry -eq 1 ]]; then
- printf "%-20s %-50s %-10s %-15s %-10s\n" "$username" "$key_path" "$permisos" "$ssh_habilitado" "$num_llaves"
+ printf "%-20s %-50s %-10s %-15s %-10s %-5s\n" "$username" "$key_path" "$permisos" "$ssh_habilitado" "$num_llaves" "$estado_icono"
 first_entry=0
 else
- printf "%-20s %-50s %-10s %-15s %-10s\n" "" "$key_path" "$permisos" "" "$num_llaves"
+ printf "%-20s %-50s %-10s %-15s %-10s %-5s\n" "" "$key_path" "$permisos" "" "$num_llaves" "$estado_icono"
 fi
 done
 USERS_WITH_KEYS+=("$username:${user_keys_paths[*]}")
@@ -159,8 +169,8 @@ if [[ ${#USERS_WITH_KEYS[@]} -gt 0 ]]; then
 echo "------------------------------------------------------------"
 for key_entry in "${key_paths[@]}"; do
- IFS=";" read -r key_path _ num_llaves <<< "$key_entry"
- echo "📁 Archivo: $key_path ($num_llaves claves)"
+ IFS=";" read -r key_path _ num_llaves estado_icono <<< "$key_entry"
+ echo "📁 Archivo: $key_path ($num_llaves claves) $estado_icono"
 echo "🔹 Contenido:"
 grep -E "^(ssh-rsa|ssh-ed25519)" "$key_path" 2>/dev/null
 echo ""
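Review bot: Adding a fourth `;`-separated field to the record makes the parsing in the `-124` hunk more fragile, because `key_path` is read first and its value comes from `find /`: a file name containing `;` shifts every later field, so the permissions, count and status shown for that row no longer describe the file, and the shifted `num_llaves` is then evaluated as an arithmetic expression in `total_keys=$((total_keys + num_llaves))`. Putting the path last lets `read` assign the remainder of the record to it: `user_keys_paths+=("$permisos;$num_llaves;$estado_icono;$key_file")` with `IFS=";" read -r permisos num_llaves estado_icono key_path <<< "$key_entry"`, and the same reorder applies to the `read` in the last hunk. A numeric check such as `[[ $num_llaves =~ ^[0-9]+$ ]]` before the addition would be a cheap second guard. The `USERS_WITH_KEYS` join uses `${user_keys_paths[*]}` and the split back into `key_paths` is outside the hunk, so whether paths with spaces survive that round trip cannot be confirmed from here.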
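Review bot: The content listing two lines below the changed `echo` in the last hunk still filters with `grep -E "^(ssh-rsa|ssh-ed25519)"`, so a file whose ECDSA keys are now included in `$num_llaves claves` prints fewer key lines than the count announces. The listing should use the same pattern as the counter, ideally from one shared variable: `grep -E "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))" "$key_path" 2>/dev/null`. The enclosing `if` and `for` start outside the hunk.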