Script ssh-publickey-acceptance
Script types:
portrule
Categories:
auth, intrusive
Download: https://svn.nmap.org/nmap/scripts/ssh-publickey-acceptance.nse
Script Summary
This script takes a table of paths to private keys, passphrases, and usernames and checks each pair to see whether the target SSH server accepts it for publickey authentication. If no keys are given, or if the known-bad option is given, the script checks whether any key from a list of known static public keys is accepted for authentication.
Script Arguments
- knownbad
If specified, check if keys from publickeydb are accepted
- ssh.privatekeys
Table containing filenames of private keys to test
- publickeydb
Specifies an alternative publickeydb
- ssh.usernames
Table containing usernames to check
- ssh.publickeys
Table containing filenames of public keys to test
- ssh.passphrases
Table containing passphrases for each private key
Example Usage
nmap -p 22 --script ssh-publickey-acceptance --script-args "ssh.usernames={'root', 'user'}, ssh.privatekeys={'./id_rsa1', './id_rsa2'}" <target>
nmap -p 22 --script ssh-publickey-acceptance --script-args 'ssh.usernames={"root", "user"}, publickeys={"./id_rsa1.pub", "./id_rsa2.pub"}' <target>
Script Output
22/tcp open  ssh     syn-ack
| ssh-publickey-acceptance:
|   Accepted Public Keys:
|_    Key ./id_rsa1 accepted for user root
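A host-side complement to the known-bad check described in the Script Summary, added here as an example (it is not part of the Nmap script or its documentation): it scans authorized_keys content for entries whose SHA256 fingerprint is in a known-bad set. The sample key blobs, the KNOWN_BAD set and all function names are constructed for illustration; the format of the real publickeydb is not assumed.

```python
import base64, hashlib, re, struct

KEY_RE = re.compile(r'(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+={0,2})')

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_line(line):
    """Return (key_type, blob) for one authorized_keys line, or None.
    Leading options such as command="..." are skipped by searching for the key type."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    for m in KEY_RE.finditer(line):
        key_type, b64 = m.groups()
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # A public key blob begins with a length-prefixed copy of its key type.
        if len(blob) >= 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == key_type.encode():
                return key_type, blob
    return None

def audit(text, known_bad):
    """Return (line_number, key_type, fingerprint) for each known-bad key found."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed and fingerprint(parsed[1]) in known_bad:
            hits.append((lineno, parsed[0], fingerprint(parsed[1])))
    return hits

def sample_blob(seed):
    """Constructed stand-in for an ed25519 public key blob (not a real key)."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32

GOOD, BAD = sample_blob(1), sample_blob(2)
KNOWN_BAD = {fingerprint(BAD)}  # constructed; stands in for a list of static keys
SAMPLE = "\n".join([  # constructed authorized_keys content
    "ssh-ed25519 %s admin@example" % base64.b64encode(GOOD).decode(),
    'command="/usr/bin/backup --all",no-pty ssh-ed25519 %s vendor default'
    % base64.b64encode(BAD).decode(),
    "ssh-ed25519 not*base64 broken entry",
])
if __name__ == "__main__":
    print(audit(SAMPLE, KNOWN_BAD))
```

Any hit means the account would accept a key whose private half is not secret, so the entry should be removed and the account's recent logins reviewed.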
Requires
Author:
License: Same as Nmap--See https://nmap.org/book/man-legal.html