afmarulanda/ssh_key_checks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update ssh_key_checks

Browse Source
This commit is contained in:
Andrés Felipe Marulanda Hernández 2025-02-26 17:32:40 +00:00
parent e9436b6abb
commit 2e7a1bf61b
1 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
ssh_key_checks
View File

@ -64,7 +64,7 @@ echo "--------------------------------------"
# Buscar archivos de claves SSH en todo el sistema # Buscar archivos de claves SSH en todo el sistema
echo "🔍 Buscando archivos de claves SSH en todo el sistema..." echo "🔍 Buscando archivos de claves SSH en todo el sistema..."
echo "------------------------------------------------------------" echo "------------------------------------------------------------"
printf "%-20s %-50s %-10s %-15s %-10s\n" "Usuario" "Ruta del archivo" "Permisos" "SSH Habilitado" "Llaves" printf "%-20s %-50s %-10s %-15s %-10s %-5s\n" "Usuario" "Ruta del archivo" "Permisos" "SSH Habilitado" "Llaves" "Estado"
echo "------------------------------------------------------------" echo "------------------------------------------------------------"
KEY_FILES=$(find / -type f \( -name "authorized_keys" -o -name "*.pub" -o -name "*id_rsa*" -o -name "*id_ed25519*" \) 2>/dev/null) KEY_FILES=$(find / -type f \( -name "authorized_keys" -o -name "*.pub" -o -name "*id_rsa*" -o -name "*id_ed25519*" \) 2>/dev/null)
@ -87,11 +87,21 @@ while IFS=: read -r username _ _ _ _ homedir _; do
file_owner=$(stat -c "%U" "$key_file" 2>/dev/null) file_owner=$(stat -c "%U" "$key_file" 2>/dev/null)
if [[ "$file_owner" == "$username" ]]; then if [[ "$file_owner" == "$username" ]]; then
permisos=$(stat -c "%a" "$key_file") permisos=$(stat -c "%a" "$key_file")
num_llaves=$(grep -E -c "^(ssh-rsa|ssh-ed25519)" "$key_file" 2>/dev/null) num_llaves=$(grep -E -c "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)" "$key_file" 2>/dev/null)
# Determinar tipo de llave
estado_icono=""
if grep -q "ssh-ed25519" "$key_file" 2>/dev/null; then
estado_icono="✅"
elif grep -q "ssh-rsa" "$key_file" 2>/dev/null; then
estado_icono="⚠️"
else
estado_icono="❌"
fi
if [[ $num_llaves -gt 0 ]]; then if [[ $num_llaves -gt 0 ]]; then
user_has_keys=1 user_has_keys=1
user_keys_paths+=("$key_file;$permisos;$num_llaves") user_keys_paths+=("$key_file;$permisos;$num_llaves;$estado_icono")
fi fi
fi fi
done done
@ -124,18 +134,18 @@ while IFS=: read -r username _ _ _ _ homedir _; do
done done
fi fi
# Mostrar en pantalla solo si hay llaves válidas # Si hay llaves, mostrar la información
if [[ ${#user_keys_paths[@]} -gt 0 ]]; then if [[ ${#user_keys_paths[@]} -gt 0 ]]; then
first_entry=1 first_entry=1
total_keys=0 total_keys=0
for key_entry in "${user_keys_paths[@]}"; do for key_entry in "${user_keys_paths[@]}"; do
IFS=";" read -r key_path permisos num_llaves <<< "$key_entry" IFS=";" read -r key_path permisos num_llaves estado_icono <<< "$key_entry"
total_keys=$((total_keys + num_llaves)) total_keys=$((total_keys + num_llaves))
if [[ $first_entry -eq 1 ]]; then if [[ $first_entry -eq 1 ]]; then
printf "%-20s %-50s %-10s %-15s %-10s\n" "$username" "$key_path" "$permisos" "$ssh_habilitado" "$num_llaves" printf "%-20s %-50s %-10s %-15s %-10s %-5s\n" "$username" "$key_path" "$permisos" "$ssh_habilitado" "$num_llaves" "$estado_icono"
first_entry=0 first_entry=0
else else
printf "%-20s %-50s %-10s %-15s %-10s\n" "" "$key_path" "$permisos" "" "$num_llaves" printf "%-20s %-50s %-10s %-15s %-10s %-5s\n" "" "$key_path" "$permisos" "" "$num_llaves" "$estado_icono"
fi fi
done done
USERS_WITH_KEYS+=("$username:${user_keys_paths[*]}") USERS_WITH_KEYS+=("$username:${user_keys_paths[*]}")
@ -159,8 +169,8 @@ if [[ ${#USERS_WITH_KEYS[@]} -gt 0 ]]; then
echo "------------------------------------------------------------" echo "------------------------------------------------------------"
for key_entry in "${key_paths[@]}"; do for key_entry in "${key_paths[@]}"; do
IFS=";" read -r key_path _ num_llaves <<< "$key_entry" IFS=";" read -r key_path _ num_llaves estado_icono <<< "$key_entry"
echo "📁 Archivo: $key_path ($num_llaves claves)" echo "📁 Archivo: $key_path ($num_llaves claves) $estado_icono"
echo "🔹 Contenido:" echo "🔹 Contenido:"
grep -E "^(ssh-rsa|ssh-ed25519)" "$key_path" 2>/dev/null grep -E "^(ssh-rsa|ssh-ed25519)" "$key_path" 2>/dev/null
echo "" echo ""