import argparse
import json
import os
import paramiko
from getpass import getpass
class IgnorePolicy(paramiko.MissingHostKeyPolicy):
    """Missing-host-key policy that never rejects an unknown server key.

    SECURITY: with this policy installed, the identity of a server whose key
    is not already known to the client is not verified. Anything that answers
    on the target address is treated as the intended host, so the connection
    is exposed to interception or impersonation. Use it only on networks you
    trust; a policy that raises for unknown keys is the safer choice.
    """

    def missing_host_key(self, client, hostname, key):
        """Accept the server key unconditionally.

        None of ``client``, ``hostname`` or ``key`` is inspected.
        """
        # NOTE(review): paramiko's hook accepts a key by returning without
        # raising; the True value itself is presumably ignored -- confirm
        # against the installed paramiko version.
        return True
def get_files(ssh_dir):
    """Return the paths of all non-directory entries directly in *ssh_dir*.

    Each path is built as ``ssh_dir + "/" + name``; the listing is not
    recursive and keeps the order produced by ``os.listdir``. Every entry
    that is not a directory is returned, whether or not it is a private key
    (the caller decides that by trying to parse it).
    """
    candidates = ("/".join([ssh_dir, entry]) for entry in os.listdir(ssh_dir))
    # Sub-directories are dropped; everything else is returned.
    return [path for path in candidates if not os.path.isdir(path)]
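def _load_private_key(filename):
    """Try to parse *filename* as an RSA, then a DSA, private key.

    Returns the paramiko key object, or None when the file is not a key this
    tool can load. A passphrase is requested interactively only for
    encrypted RSA keys.
    """
    try:
        try:
            return paramiko.rsakey.RSAKey(filename=filename)
        except paramiko.ssh_exception.PasswordRequiredException:
            # Encrypted RSA key: ask once and retry with the passphrase.
            pw = getpass("%s passphrase: " % filename)
            return paramiko.rsakey.RSAKey(filename=filename, password=pw)
    except (IOError, OSError):
        # Unreadable entry (permissions, dangling symlink, socket, ...):
        # skip it instead of aborting the whole run.
        return None
    except paramiko.ssh_exception.SSHException:
        # Not an RSA key, or wrong passphrase; fall through to DSA.
        pass
    try:
        return paramiko.dsskey.DSSKey(filename=filename)
    except paramiko.ssh_exception.SSHException:
        # Also covers an encrypted DSA key: no passphrase prompt is offered
        # for DSA, so such keys are skipped silently.
        return None


def test_hosts(hosts=None, port=22, ssh_dir=None,
               username=os.getenv('USER')):
    """Report which private keys in *ssh_dir* each host accepts.

    Args:
        hosts: comma-separated host names or addresses.
        port: TCP port used for every host.
        ssh_dir: directory whose non-directory entries are tried as keys.
        username: login name passed to paramiko. The default is read from
            $USER once, when the function is defined.

    Returns:
        A dict mapping each host to ``{'valid': [...], 'invalid': [...]}``,
        both lists holding key file paths. 'invalid' contains only keys that
        were refused with an authentication error.

    Raises:
        Any connection error other than an authentication failure (for
        example an unreachable host) propagates and ends the run.

    SECURITY: no known_hosts file is loaded and IgnorePolicy accepts every
    server key, so the server is not authenticated. A 'valid' result only
    means that whatever answered on host:port accepted the key, and that
    endpoint also learns which public keys were offered. On untrusted
    networks, load the known host keys and use a rejecting policy such as
    paramiko.RejectPolicy before relying on the output.
    """
    ssh_keys = []
    for filename in get_files(ssh_dir):
        keyobj = _load_private_key(filename)
        if keyobj is not None:
            ssh_keys.append((filename, keyobj))

    data = {}
    for host in hosts.split(','):
        working_keys = []
        nonworking_keys = []
        for key_file, keyobj in ssh_keys:
            # A fresh client per attempt so exactly one key is offered.
            client = paramiko.client.SSHClient()
            client.set_missing_host_key_policy(IgnorePolicy())
            try:
                # The agent and default key locations are disabled so only
                # the key under test can authenticate.
                client.connect(hostname=host,
                               username=username,
                               port=port,
                               pkey=keyobj,
                               allow_agent=False,
                               look_for_keys=False)
                # NOTE(review): connect() returning already shows the key
                # was accepted; the output of this command is discarded.
                client.exec_command('uptime')
                working_keys.append(key_file)
            except paramiko.ssh_exception.AuthenticationException:
                nonworking_keys.append(key_file)
            finally:
                client.close()
        data[host] = {'valid': working_keys,
                      'invalid': nonworking_keys}
    return data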
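if __name__ == '__main__':
    # Command-line entry point: parse the arguments, test every key against
    # every host, and print the result as sorted, indented JSON.
    description = "Tool to test keys in the user's home directory"
    dir_help = "directory containing keys to be tested (default: $HOME/.ssh)"
    parser = argparse.ArgumentParser(description=description)
    parser.add_argument('ssh_hosts',
                        help='Host or hosts you want to test keys on. Multiple hosts seperated by comma')
    parser.add_argument('--directory', '-d',
                        help=dir_help,
                        default=os.path.expanduser("~/.ssh"))
    parser.add_argument('--user', '-u', help='User to ssh as')
    args = parser.parse_args()
    # No --port option exists, so test_hosts uses its default port (22).
    # When --user is omitted, args.user is None and replaces the $USER
    # default of test_hosts; presumably paramiko then falls back to the
    # current login name -- confirm.
    key_data = test_hosts(hosts=args.ssh_hosts,
                          username=args.user,
                          ssh_dir=args.directory)
    # The call form of print gives the same output on Python 2 and is valid
    # on Python 3, where the original print statement is a syntax error.
    print(json.dumps(key_data, sort_keys=True, indent=2))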