π SSH Key Security Auditor
Find weak keys, suspicious restrictions, and bad permissions
Audit SSH keys across all user accounts. Reports every authorized key with type and length, flags weak DSA/short RSA keys, finds private keys with world-readable permissions.
Features
- β Scans /home and /root/.ssh automatically
- β Reports key types (ed25519, RSA, DSA, ECDSA)
- β Flags weak keys (DSA, short RSA)
- β Detects restricted keys (command=, from=, no-pty)
- β Finds private keys with bad permissions (not 600/400)
- β Reports known_hosts entry counts
Usage
./ssh-key-auditor.sh
sudo ./ssh-key-auditor.sh # includes /root
./ssh-key-auditor.sh -u alice,bob
Download
Get the script from the Free Tools Pack, or grab it directly:
# Clone from the repo (scripts are in /products/free/)
curl -O https://pragmaticsysadmin.help/downloads/ssh-key-auditor.sh
chmod +x ssh-key-auditor.sh
./ssh-key-auditor.sh --help
License
MIT β use, modify, redistribute.
Support
Bugs or questions: pragmatic@pragmaticsysadmin.help
More tools
See /shop/ for the full catalog, including paid toolkits:
- The 5-Minute Server Health Check Toolkit ($9) β the “do everything” Monday morning ritual
Made with care by Pragmatic Sysadmin.