forked from HariSekhon/DevOps-Bash-tools
-
Notifications
You must be signed in to change notification settings - Fork 0
/
check_ssh_keys_encrypted.sh
executable file
·60 lines (50 loc) · 1.24 KB
/
check_ssh_keys_encrypted.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#!/usr/bin/env bash
# vim:ts=4:sts=4:sw=4:et
#
# Author: Hari Sekhon
# Date: circa 2006 - 2008 (forked from .bashrc)
#
# https://github.com/HariSekhon/DevOps-Bash-tools
#
# License: see accompanying Hari Sekhon LICENSE file
#
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
#
# https://www.linkedin.com/in/HariSekhon
#
# Checks SSH protocol v2 keys
set -euo pipefail
[ -n "${DEBUG:-}" ] && set -x
srcdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck source=lib/utils.sh
. "$srcdir/lib/utils.sh"
section "SSH Keys encrypted check"
for arg in "$@"; do
# shellcheck disable=SC2119
case "$arg" in
-*) usage
;;
esac
done
check_bin openssl
errors=0
check_ssh_keys_encrypted(){
echo "checking keys:"
echo
for key in "${@:-~/.ssh/id_rsa}"; do
printf "%s" "$key => "
if openssl rsa -noout -passin pass:none -in "$key" 2>/dev/null; then
echo "WARNING: your SSH Key '$key' is unprotected. Encrypt it and use SSH agent"
errors=1
else
echo "OK"
fi
done
}
check_ssh_keys_encrypted "$@"
if [ $errors = 1 ]; then
exit 1
fi
echo
hr
echo