Test ssh login key acceptance without having the private key

ssh-key-confirmer

This confirms whether an SSH public key is listed as an authorized_key on a system

Usage

$ ssh-key-confirmer -i ./id_rsa.pub [email protected]
Key is present on user+server
$ ssh-key-confirmer -i ./id_ed25519.pub ben@localhost
Key not found on user+server

How does this work

If you run ssh in verbose mode, you can see how authentication works: you offer a key to the server, and it responds with whether it accepts that key or not. Only then do you provide a signed copy of a shared session secret as proof that you own the key.

$ ssh -v -i id_ed25519 localhost
OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /home/ben/.ssh/config
...
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
...
debug1: Authenticating to localhost:22 as 'ben'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
...
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: cardno:000605032939 RSA SHA256:CtGA1RT0bAOd06HHIRQTB9reCED/SrD2MGfS8MUEd6Q agent
debug1: Authentications that can continue: publickey,password
>>>>>> debug1: Offering public key: id_ed25519 ED25519 SHA256:Wml16ewzvx7SBMLmFkvVxZBiwN5lAcFm6nuLJF2rKYY explicit <<<<<<
>>>>>> debug1: Server accepts key: id_ed25519 ED25519 SHA256:Wml16ewzvx7SBMLmFkvVxZBiwN5lAcFm6nuLJF2rKYY explicit  <<<<<<
debug1: Authentication succeeded (publickey).
Authenticated to localhost ([127.0.0.1]:22).
...
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.10.26-2fast2benjojo x86_64)

This tool simply offers the key; if the server accepts it, the tool reports that the key exists. A server could be configured to accept every possible key, so there is an attempt to detect when this is happening.
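The offer step described above, as an added example (not code from ssh-key-confirmer): it encodes the RFC 4252 publickey request with the signature flag set to FALSE and interprets the server's SSH_MSG_USERAUTH_PK_OK or failure reply. The function names and the key blob are assumptions made for illustration, and no network connection is made.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

const msgRequest, msgFailure, msgPKOK = 50, 51, 60 // message numbers, RFC 4252

// str encodes an SSH "string": uint32 big-endian length, then the bytes.
func str(s []byte) []byte {
	out := make([]byte, 4, 4+len(s))
	binary.BigEndian.PutUint32(out, uint32(len(s)))
	return append(out, s...)
}

// buildKeyQuery encodes the key offer; FALSE means no signature, so no private key is needed.
func buildKeyQuery(user, algo string, blob []byte) []byte {
	p := append([]byte{msgRequest}, str([]byte(user))...)
	p = append(p, str([]byte("ssh-connection"))...)
	p = append(p, str([]byte("publickey"))...)
	p = append(p, 0) // boolean FALSE: offer only, no signature
	p = append(p, str([]byte(algo))...)
	return append(p, str(blob)...)
}

// keyAccepted reads the reply; PK_OK must echo the algorithm and blob offered.
func keyAccepted(reply []byte, algo string, blob []byte) (bool, error) {
	if len(reply) == 0 {
		return false, errors.New("empty reply")
	}
	switch reply[0] {
	case msgPKOK:
		want := append(str([]byte(algo)), str(blob)...)
		return bytes.Equal(reply[1:], want), nil
	case msgFailure:
		return false, nil
	}
	return false, fmt.Errorf("unexpected message type %d", reply[0])
}

func main() {
	blob := []byte("constructed-key-blob") // constructed stand-in for the wire-format key
	pkOK := append([]byte{msgPKOK}, append(str([]byte("ssh-ed25519")), str(blob)...)...)
	ok, err := keyAccepted(pkOK, "ssh-ed25519", blob)
	fmt.Println(len(buildKeyQuery("ben", "ssh-ed25519", blob)), ok, err)
}
```

In a real exchange the blob is the base64-decoded body of the .pub file, and these payloads travel inside the encrypted transport set up by the key exchange.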

How do I know this is being done to me?

You will get [preauth] disconnections, though a lot of other things can cause that too so... /shrug

Connection closed by authenticating user ben 127.0.0.1 port 59566 [preauth]
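An added example (not part of the tool) that counts these [preauth] disconnects per source address in sshd logs, so repeated offers from one host stand out from the background noise. The log lines are constructed, and the threshold of 3 and the function names are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Captures user and source address; "invalid user" is sshd's variant for unknown accounts.
var preauthRe = regexp.MustCompile(`Connection closed by (?:authenticating|invalid) user (\S+) (\S+) port \d+ \[preauth\]`)

// preauthBySource returns, per source address, the users named in each disconnect.
func preauthBySource(log string) map[string][]string {
	out := map[string][]string{}
	for _, line := range strings.Split(log, "\n") {
		if m := preauthRe.FindStringSubmatch(line); m != nil {
			out[m[2]] = append(out[m[2]], m[1])
		}
	}
	return out
}

// noisySources reports (sorted) sources with at least minCloses disconnects;
// the threshold is an assumption to tune, since other things cause these lines.
func noisySources(stats map[string][]string, minCloses int) []string {
	var out []string
	for src, users := range stats {
		if len(users) >= minCloses {
			out = append(out, fmt.Sprintf("%s closes=%d users=%s", src, len(users), strings.Join(users, ",")))
		}
	}
	sort.Strings(out)
	return out
}

// Constructed sample lines using documentation addresses, not real logs.
const sampleLog = `sshd[101]: Connection closed by authenticating user ben 192.0.2.10 port 59566 [preauth]
sshd[102]: Connection closed by authenticating user root 192.0.2.10 port 59570 [preauth]
sshd[103]: Accepted publickey for ben from 198.51.100.7 port 40022 ssh2
sshd[104]: Connection closed by authenticating user ben 192.0.2.10 port 59574 [preauth]
sshd[105]: Connection closed by authenticating user ben 198.51.100.7 port 40030 [preauth]`

func main() {
	fmt.Println(strings.Join(noisySources(preauthBySource(sampleLog), 3), "\n"))
}
```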

That's a janky name

Well, ssh-keyscan was taken, and I'm pretty sure I've seen an ssh-check-key somewhere.

Comments
  • Scripting usage with -q

    hi!

    any chance you could add a -q flag that disables "key present/not present" output, so only the exit code is set?

    stdout could be piped to /dev/null, but that'd also hide errors that are currently printed to stdout instead of stderr.

    Ideally there'd be both a -q flag and errors on stderr, but either also works.

    Thanks!
