diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2019-03-26 23:31:11 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2019-03-26 23:31:11 -0300 |
commit | 6e9267bf75c6d7ce93e7a4be22d88d2c354cfcb9 (patch) | |
tree | d22e815decec46235e3f2db5454d32cffa2d99c5 | |
parent | f0e4160c6c9a5e9e24781e2a7678d487cda69da1 (diff) | |
download | utils-ssh-6e9267bf75c6d7ce93e7a4be22d88d2c354cfcb9.tar.gz utils-ssh-6e9267bf75c6d7ce93e7a4be22d88d2c354cfcb9.tar.bz2 |
Do not list keys without password at ssh-agent-loadkey (robust approach)
-rwxr-xr-x | ssh-agent-loadkey | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ssh-agent-loadkey b/ssh-agent-loadkey index 840ea82..841e3d2 100755 --- a/ssh-agent-loadkey +++ b/ssh-agent-loadkey @@ -18,7 +18,8 @@ function __query { ( cd $KEYS && find -name '*.pub' | sed -e 's/.pub$//' | grep -v decomissioned | while read line; do # See https://security.stackexchange.com/questions/129724/how-to-check-if-an-ssh-private-key-has-passphrase-or-not#129727 - if grep -q ',ENCRYPTED' $line; then + #if grep -q ',ENCRYPTED' $line; then + if ! ssh-keygen -y -P "" -f $line &> /dev/null; then handle="`echo $line | cut -d '/' -f 3`" type="`echo $line | cut -d '/' -f 2`" echo "$handle ($type)" |