Feature request: Consider host entries in .ssh/config #103
Comments
That would be convenient.
If someone was interested in writing that patch, I'd be happy to merge
it!
Maybe consider a separate subcommand, e.g. Otherwise how would you decide what Is the location of the ssh-config file always
I think this is a very good question but I'm not convinced that adding code to ssh-audit to parse and extract data from openssh config files is the right thing to do. I just feel it's not really ssh-audit's job to do this and it could be solved a different way... What I would suggest is that you extract the data from the config file using a tool like
If you'd ask me I'd say it should be as simple as possible (the goal being less typing, not more), e.g. an option -h to check for hostnames in .ssh/config first, and maybe -H to specify a /path/to/a/config file.
I immediately thought on
@shoopdawoop Does the bash script below do what you want? To use it:
#!/bin/bash
# USAGE: scan_host_in_ssh_config.sh <host>
# EXAMPLE: scan_host_in_ssh_config.sh staging
################################################################################
# How it works:
# 1. Print the host details.
# 2. Extract the hostname and port.
# 3. Select the second field.
# 4. Insert the '-p' parameter on line two.
# 5. Replace line feeds with a space.
# 6. Pass the resultant text to ssh-audit using xargs.
################################################################################
SSH_AUDIT_PY=~/ssh-audit/ssh-audit.py
ssh -G "$1" | grep '^hostname \|^port ' | cut -d ' ' -f2 | sed '2 i\-p' | tr -s "\n" ' ' | xargs "$SSH_AUDIT_PY"
This works great and I learned a few things. Thank you! I had to replace This works well for me, so feel free to close.
Just as a hint... For a Python package you can specify more than one command line entry point. Once you install the e.g.
You're very welcome, I'm glad it worked. The command pipeline that I wrote could almost certainly be refined and improved so it doesn't use quite so many different tools. The point I really wanted to illustrate is that we don't necessarily need to overcomplicate ssh-audit so it handles specific types of input because it's actually already incredibly flexible just by virtue of being a command line tool. It's entirely up to you if you close this issue or not.
This "in the spirit of *nix way" is fine with me. Again, thank you!
It would be convenient if host entries in .ssh/config (hostname, port) could be recognised and automatically be used, so an entry like
would allow a simple
ssh-audit.py staging
instead of a
ssh-audit.py -p 54321 mystagingserver.domain.com
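The pipeline posted in the thread depends on `hostname` preceding `port` in the `ssh -G` output and on GNU sed's one-line `i\` form. As an added example (not code from the thread or from ssh-audit), the same lookup done in a single awk pass that also validates both values before they reach the ssh-audit command line; the function names and the sample output are constructed for illustration.

```bash
#!/bin/bash
# Added example: map `ssh -G <alias>` output to ssh-audit arguments.
# Function names and the sample below are constructed for illustration.

# Reads "key value" lines (the `ssh -G` format) on stdin and prints
# "-p PORT HOSTNAME". Returns 1 if either value is missing or malformed.
ssh_g_to_audit_args() {
    awk '
        # Exact key match: "host" and "hostkeyalgorithms" are not "hostname".
        $1 == "hostname" && !h { host = $2; h = 1 }
        $1 == "port"     && !p { port = $2; p = 1 }
        END {
            if (port !~ /^[0-9]+$/ || port + 0 < 1 || port + 0 > 65535) exit 1
            # DNS name or IP literal only; a leading "-" would be read as an option.
            if (host !~ /^[A-Za-z0-9_.:%-]+$/ || host ~ /^-/) exit 1
            printf "-p %s %s\n", port, host
        }'
}

# Path taken from the script in the thread; override via the environment.
SSH_AUDIT_PY="${SSH_AUDIT_PY:-$HOME/ssh-audit/ssh-audit.py}"

# Resolve an alias through ssh_config, then run ssh-audit against the result.
audit_alias() {
    case "$1" in
        ''|-*) echo "usage: audit_alias <host-alias>" >&2; return 2 ;;
    esac
    audit_args=$(ssh -G "$1" | ssh_g_to_audit_args) || {
        echo "could not resolve hostname/port for: $1" >&2
        return 1
    }
    # Word splitting is intended: audit_args is "-p PORT HOSTNAME", validated above.
    # shellcheck disable=SC2086
    "$SSH_AUDIT_PY" $audit_args
}

# Constructed sample of `ssh -G staging` output (real output has many more lines).
SAMPLE_SSH_G='host staging
user deploy
hostname mystagingserver.domain.com
port 54321
hostkeyalgorithms ssh-ed25519'

# Run against a real alias only when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_alias "$1"; fi
```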