Checking ssh keys have passphrases


If a keyfile uses a passphrase, it has a "Proc-Type:" attribute set with the word "ENCRYPTED" appended.

So, you can determine if a keyfile uses a passphrase by running it through find and grep to see if it has the string 'ENCRYPTED'.

# list keyfiles that USE a passphrase
# (quote the list so both directories end up in HOMES; leave $HOMES unquoted so find gets them as separate arguments;
#  skip the public halves, which never carry the header)
HOMES="/home /mnt/nfs_home"
find $HOMES -maxdepth 3 -type f -path '*/.ssh/id*' -name "id_[dr]sa*" ! -name "*.pub" -exec grep -q "ENCRYPTED" {} \; -print

prints a list of files that have passphrases. Then you can match those against a list of all keyfiles to single out those that don't use a passphrase. A list of all keyfiles can be obtained, e.g., by leaving the -exec parameter out, as follows:

# list all keyfiles (private halves only, to match the list above)
HOMES="/home /mnt/nfs_home"
find $HOMES -maxdepth 3 -type f -path '*/.ssh/id*' -name "id_[dr]sa*" ! -name "*.pub" -print
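The grep above only works for legacy PEM keys; as a comment below notes, the newer openssh-key-v1 format carries no Proc-Type header, and instead the cipher name inside the base64 blob is "none" for an unprotected key. The following checker, added here and not part of the answer, handles both formats so a distribution script can refuse unprotected keys; the sample key texts are constructed stubs with filler bodies, not real key material.

```python
import base64
import re
import struct

OSSH_MAGIC = b"openssh-key-v1\x00"
PEM_LEGACY = re.compile(r"^-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----", re.M)
OSSH_BLOB = re.compile(
    r"-----BEGIN OPENSSH PRIVATE KEY-----(.*?)-----END OPENSSH PRIVATE KEY-----", re.S)


def _read_ssh_string(buf, off):
    """Read one SSH wire-format string (uint32 big-endian length + bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n


def key_is_encrypted(text):
    """True if the private key text is passphrase-protected; ValueError if unrecognised."""
    if PEM_LEGACY.search(text):
        # Legacy PEM: encryption is announced by a header, the grep-able case above.
        return re.search(r"^Proc-Type: 4,ENCRYPTED", text, re.M) is not None
    m = OSSH_BLOB.search(text)
    if not m:
        raise ValueError("not a recognised private key")
    blob = base64.b64decode("".join(m.group(1).split()))
    if not blob.startswith(OSSH_MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    # New format: no header; the cipher name is the first field after the magic.
    cipher, _ = _read_ssh_string(blob, len(OSSH_MAGIC))
    return cipher != b"none"


def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def make_ossh_sample(cipher, kdf):
    """Constructed sample: a truncated openssh-key-v1 header, NOT a real key."""
    blob = OSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + _ssh_string(b"")
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"


# Constructed legacy PEM samples (body is filler, not real key material).
LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\nAAAA\n"
                    "-----END RSA PRIVATE KEY-----\n")
LEGACY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
```

Call key_is_encrypted() on the contents of each private key file found by the find command and reject the key when it returns False.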

Author: Peter Farmer

I'm a Technical Architect who likes playing with python, google app engine and Amazons ec2/s3 etc....

Updated on September 17, 2022

Comments

  • Peter Farmer
    Peter Farmer over 1 year

    I have a bunch of users who have access via SSH keys to accounts on other servers. Currently I have a script which collects up the SSH public keys and distributes them to the correct account on the correct servers.

    What I want to do is get that script to check that any given user's SSH key has a passphrase before accepting the public key and distributing it.

    I've tried a number of things, like using an ssh-agent and ssh-add, and then the problem comes when ssh-add gets asked for a passphrase.

    Is there a way to get something like openssl to check for passphrase, fail slightly with a return code of 1 if the key has a passphrase?

    Thanks!

    • user1686
      user1686 over 13 years
      Could you clarify whether the requirement is to have a passphrase or not to have it - and because of what reasons?
    • Peter Farmer
      Peter Farmer over 13 years
      grawity: My requirement is to make sure users have set passphrases on their ssh keys, only keys with passphrases will get distributed to the other servers.
  • Oneiroi
    Oneiroi almost 5 years
    No longer possible with the new SSH key format: the Proc-Type header is not written to the file, despite the key being encrypted.