Rapid7 Vulnerability & Exploit Database

SSH Public Key Acceptance Scanner

Back to Search

SSH Public Key Acceptance Scanner

Created
05/30/2018

Description

This module can determine what public keys are configured for key-based authentication across a range of machines, users, and sets of known keys. The SSH protocol indicates whether a particular key is accepted prior to the client performing the actual signed authentication request. To use this module, a text file containing one or more SSH keys should be provided. These can be private or public, so long as no passphrase is set on the private keys. If you have loaded a database plugin and connected to a database this module will record authorized public keys and hosts so you can track your process. Key files may be a single public (unencrypted) key, or several public keys concatenated together as an ASCII text file. Non-key data should be silently ignored. Private keys will only utilize the public key component stored within the key file.

Author(s)

  • todb <todb@metasploit.com>
  • hdm <x@hdm.io>
  • Stuart Morgan <stuart.morgan@mwrinfosecurity.com>

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/scanner/ssh/ssh_identify_pubkeys
msf auxiliary(ssh_identify_pubkeys) > show actions
    ...actions...
msf auxiliary(ssh_identify_pubkeys) > set ACTION < action-name >
msf auxiliary(ssh_identify_pubkeys) > show options
    ...show and set options...
msf auxiliary(ssh_identify_pubkeys) > run 

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;