Check Safety of SSH Public Keys
SSH is great! Poorly-configured SSH keys are not. Tools are provided to assess the safety of SSH public keys in multiple contexts.
The following functions are implemented:
check_gh_following
: Check all SSH keys of GitHub users a particular account is followingcheck_gh_org_members
: Check all SSH keys of GitHub users that are members of a specified GitHub organizationcheck_gh_repo_contributors
: Check all SSH keys of GitHub users a particular account is followingcheck_gh_user_keys
: Check one or more GitHub user’s keyscheck_ssh_pub_key
: Check one SSH public key
remotes::install_github("hrbrmstr/pubcheck")
NOTE: To use the ‘remotes’ install options you will need to have the {remotes} package installed.
library(pubcheck)
library(tidyverse)
# current version
packageVersion("pubcheck")
## [1] '0.3.0'
check_ssh_pub_key("~/.ssh/id_rsa.pub") |>
mutate(key = ifelse(is.na(key), NA_character_, sprintf("%s…", substr(key, 1, 30)))) |>
knitr::kable()
key | algo | len | status |
---|---|---|---|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 4096 | ✅ Key is safe |
check_gh_user_keys(c("hrbrmstr", "mikemahoney218")) |>
mutate(key = ifelse(is.na(key), NA_character_, sprintf("%s…", substr(key, 1, 30)))) |>
knitr::kable()
user | key | algo | len | status |
---|---|---|---|---|
hrbrmstr | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 2048 | ✅ Key is safe; For the RSA algorithm at least 2048, recommended 4096 |
hrbrmstr | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 2048 | ✅ Key is safe; For the RSA algorithm at least 2048, recommended 4096 |
hrbrmstr | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 4096 | ✅ Key is safe |
mikemahoney218 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 4096 | ✅ Key is safe |
mikemahoney218 | ssh-ed25519 AAAAC3NzaC1lZDI1NT… | ed25519 | 256 | ✅ Key is safe |
mikemahoney218 | ssh-ed25519 AAAAC3NzaC1lZDI1NT… | ed25519 | 256 | ✅ Key is safe |
mikemahoney218 | ssh-ed25519 AAAAC3NzaC1lZDI1NT… | ed25519 | 256 | ✅ Key is safe |
check_gh_following("koenrh") |>
mutate(key = ifelse(is.na(key), NA_character_, sprintf("%s…", substr(key, 1, 30)))) |>
knitr::kable()
user | key | algo | len | status |
---|---|---|---|---|
framer | NA | NA | NA | NA |
jurre | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 2048 | ✅ Key is safe; For the RSA algorithm at least 2048, recommended 4096 |
check_gh_repo_contributors("hrbrmstr", "ggalt") |>
mutate(key = ifelse(is.na(key), NA_character_, sprintf("%s…", substr(key, 1, 30)))) |>
knitr::kable()
user | key | algo | len | status |
---|---|---|---|---|
hrbrmstr | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 2048 | ✅ Key is safe; For the RSA algorithm at least 2048, recommended 4096 |
hrbrmstr | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 2048 | ✅ Key is safe; For the RSA algorithm at least 2048, recommended 4096 |
hrbrmstr | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 4096 | ✅ Key is safe |
hcraT | NA | NA | NA | NA |
yonicd | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 3072 | ✅ Key is safe; For the RSA algorithm at least 2048, recommended 4096 |
yonicd | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 2048 | ✅ Key is safe; For the RSA algorithm at least 2048, recommended 4096 |
yonicd | ssh-ed25519 AAAAC3NzaC1lZDI1NT… | ed25519 | 256 | ✅ Key is safe |
yonicd | ssh-ed25519 AAAAC3NzaC1lZDI1NT… | ed25519 | 256 | ✅ Key is safe |
bbolker | ssh-rsa AAAAB3NzaC1yc2EAAAABIw… | rsa | 2048 | ✅ Key is safe; For the RSA algorithm at least 2048, recommended 4096 |
benmarwick | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 2048 | ✅ Key is safe; For the RSA algorithm at least 2048, recommended 4096 |
cpsievert | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 2048 | ✅ Key is safe; For the RSA algorithm at least 2048, recommended 4096 |
jankatins | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 2048 | ✅ Key is safe; For the RSA algorithm at least 2048, recommended 4096 |
jankatins | ssh-ed25519 AAAAC3NzaC1lZDI1NT… | ed25519 | 256 | ✅ Key is safe |
jonocarroll | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 4096 | ✅ Key is safe |
jonocarroll | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 2048 | ✅ Key is safe; For the RSA algorithm at least 2048, recommended 4096 |
jonocarroll | ssh-ed25519 AAAAC3NzaC1lZDI1NT… | ed25519 | 256 | ✅ Key is safe |
pkq | NA | NA | NA | NA |
rplzzz | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 3072 | ✅ Key is safe; For the RSA algorithm at least 2048, recommended 4096 |
jjchern | NA | NA | NA | NA |
larmarange | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 4096 | ✅ Key is safe |
larmarange | ssh-rsa AAAAB3NzaC1yc2EAAAADAQ… | rsa | 4096 | ✅ Key is safe |
Lang | # Files | (%) | LoC | (%) | Blank lines | (%) | # Lines | (%) |
---|---|---|---|---|---|---|---|---|
R | 7 | 0.35 | 124 | 0.34 | 41 | 0.28 | 55 | 0.29 |
YAML | 2 | 0.10 | 35 | 0.10 | 10 | 0.07 | 2 | 0.01 |
Rmd | 1 | 0.05 | 21 | 0.06 | 22 | 0.15 | 39 | 0.20 |
SUM | 10 | 0.50 | 180 | 0.50 | 73 | 0.50 | 96 | 0.50 |
clock Package Metrics for pubcheck
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.