my $fprdb_fname = "/var/lib/dsa/ssh-weak-keys.db" ;
my ($outfile, $help);
my $dsa_nowarn = 0;
+my $debian_org = 1;
GetOptions( 'help|h' => \$help, #Help function
'statusfile|s=s' => \$outfile,
'fprdb|f=s' => \$fprdb_fname,
- 'n|dsa_nowarn' => \$dsa_nowarn,
+ 'n|dsa_nowarn' => \$dsa_nowarn,
+ 'd|debian-org!' => \$debian_org,
);
pod2usage(1) if $help;
my %key_sizes;
-
-#&from_user_all;
-&from_debianorg_places;
+if ($debian_org) {
+ &from_debianorg_places;
+} else {
+ &from_user_all;
+}
&from_ssh_host(qw(localhost));
my $status="OK";
my $name = shift;
if (open (my $FH, '<', $name)) {
my $key = <$FH>;
+ close($FH);
if (! defined $key) {
$weird_keyfiles++;
$text .= "cannot read $name properly - empty?\n";
my @ak = grep { /^AuthorizedKeysFile\s/i } @lines;
my @ak2 = grep { /^AuthorizedKeysFile2\s/i } @lines;
+ my @ak_files;
- if (scalar @ak != 1) {
- print $fh "UNKNOWN\n";
- print $fh "There is more than one AuthorizedKeysFile definition in sshd_config\n";
- exit
+ for my $line ((@ak, @ak2)) {
+ my @file_locations = split /\s+/, $line;
+ shift @file_locations;
+ push @ak_files, @file_locations;
}
- if (scalar @ak2 != 1) {
+
+ if (scalar @ak_files != 2) {
print $fh "UNKNOWN\n";
- print $fh "There is more than one AuthorizedKeysFile2 definition in sshd_config\n";
+ print $fh "There should be two locations for User AuthorizedKeysFile defined in sshd_config\n";
exit
}
- unless ($ak[0] =~ m#^((?i)AuthorizedKeysFile)\s+/etc/ssh/userkeys/%u$# ) {
+
+ unless (grep { m#^/etc/ssh/userkeys/%u$# } @ak_files) {
print $fh "UNKNOWN\n";
print $fh "The AuthorizedKeysFile definition has an unexpected value. Should be /etc/ssh/userkeys/%u\n";
exit
}
- unless ($ak2[0] =~ m#^((?i)AuthorizedKeysFile2)\s+/var/lib/misc/userkeys/%u$# ) {
+ unless (grep { m#^/var/lib/misc/userkeys/%u$# } @ak_files) {
print $fh "UNKNOWN\n";
print $fh "The AuthorizedKeysFile2 definition has an unexpected value. Should be /var/lib/misc/userkeys/%u\n";
exit
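Review bot: The count at `if (scalar @ak_files != 2)` aggregates tokens across every AuthorizedKeysFile and AuthorizedKeysFile2 line, so a config with two separate `AuthorizedKeysFile` directives carrying one path each passes, even though sshd_config(5) uses only the first obtained value for a keyword and the second path would never be consulted; the removed `scalar @ak != 1` guard was what caught that case. Keep a per-keyword multiplicity check ahead of the loop, e.g. `if (@ak > 1 or @ak2 > 1) { print $fh "UNKNOWN\n"; print $fh "Multiple AuthorizedKeysFile definitions in sshd_config\n"; exit }`, so the two-location test below it stays meaningful. Whether `@lines` already excludes directives inside `Match` blocks is not visible here; if it does not, a Match-scoped AuthorizedKeysFile would be counted as if it were global. The enclosing function starts and ends outside the hunk.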
for my $file (grep { ! -d $d.'/'.$_ } readdir(D)) {
next if ($file eq 'README-DSA-BUILDD');
my $f = $d.'/'.$file;
- from_ssh_key_file $f if -r $f;
+ from_ssh_auth_file $f if -r $f;
};
};
}