The point of this project is to help demonstrate that users of GitHub could potentially fall victim to getting their private SSH key cracked. This depends on the size and complexity of the key the user generates.
Programs like ssh2john from John the Ripper can best demonstrate how fast an SSH private key can be cracked when it uses a not-so-complex algorithm with a low key length (think RSA < 1024 bits).
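To make "algorithm and key length" concrete, here is an added Go example (not code from this project) that reads the algorithm name and RSA modulus size out of an OpenSSH public key line using only the standard library. The names `KeyInfo`, `readField` and `sampleRSALine` are hypothetical, and the sample key is constructed rather than a real key.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"math/big"
	"strings"
)

// readField pops one length-prefixed field (RFC 4251 string/mpint) off b.
func readField(b []byte) (field, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, fmt.Errorf("truncated key blob")
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], nil
}

// KeyInfo parses one "type base64 [comment]" public key line and returns the
// algorithm named inside the blob plus, for ssh-rsa, the modulus size in bits.
func KeyInfo(line string) (algo string, bits int, err error) {
	// Pad so a line without a base64 field decodes to an empty blob and fails below.
	parts := append(strings.Fields(line), "", "")
	blob, err := base64.StdEncoding.DecodeString(parts[1])
	if err != nil {
		return "", 0, err
	}
	name, rest, err := readField(blob)
	if err != nil || string(name) != "ssh-rsa" {
		return string(name), 0, err // other algorithms: report the name only
	}
	_, rest, _ = readField(rest) // skip public exponent e; a short read fails below
	n, _, err := readField(rest) // modulus n, big-endian
	return "ssh-rsa", new(big.Int).SetBytes(n).BitLen(), err
}

// sampleRSALine builds a constructed (not real) ssh-rsa line with a modulus of the given size.
func sampleRSALine(bits uint) string {
	n := append([]byte{0}, new(big.Int).Lsh(big.NewInt(1), bits-1).Bytes()...)
	var blob []byte
	for _, f := range [][]byte{[]byte("ssh-rsa"), {1, 0, 1}, n} {
		blob = append(append(blob, 0, 0, byte(len(f)>>8), byte(len(f))), f...)
	}
	return "ssh-rsa " + base64.StdEncoding.EncodeToString(blob) + " constructed"
}

func main() {
	fmt.Println(KeyInfo(sampleRSALine(768)))
}
```

Comparing the returned bit count against a minimum the organization chooses (the threshold itself is a policy assumption) turns this into a per-key weak/acceptable decision.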
- Install the gh cli - see the installation. Installation requires a minimum version (2.0.0) of the GitHub CLI that supports extensions.
- Install this extension:

    gh extension install jef/gh-audit-org-keys

Manual Installation

Requirements: cli/cli and go.

- Clone the repository

    # git
    git clone git@github.com:jef/gh-audit-org-keys.git
    # GitHub CLI
    gh repo clone jef/gh-audit-org-keys

- cd into it

    cd gh-audit-org-keys

- Build it

    make build

- Install it locally

    gh extension install .

To run:

    gh audit-org-keys

To upgrade:

    gh extension upgrade audit-org-keys

    gh audit-org-keys --organization="actions"
    gh audit-org-keys --organization="actions" --show-users="all"