From 8245712ab8423da44c569db7acfa94a3146c1ad7 Mon Sep 17 00:00:00 2001 From: celso Date: Tue, 28 Mar 2023 11:34:40 -0300 Subject: [PATCH] added check_key.sh --- check_key.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100755 check_key.sh diff --git a/check_key.sh b/check_key.sh new file mode 100755 index 0000000..a950837 --- /dev/null +++ b/check_key.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +#run as root +#$1 is username +for i in $(awk '{print $2}' "/home/${1}/.ssh/authorized_keys"); do + dude="$(base64 -d <<< "${i}" | sha256sum | awk '{print $1}' | xxd -r -p | base64)" + for j in $(grep "Accepted publickey for ${1}" /var/log/auth.log | grep -o "SHA256.*$" | sed 's/^SHA256://g' | sort | uniq); do + [ "${dude:0:-1}" = "${j}" ] && { + _users="$(grep "${i}" /home/${1}/.ssh/authorized_keys | awk '{print $3" logged in"}')" + lastlog_time="$(tac /var/log/auth.log | grep -m1 "${j}" | awk '{print $1" "$2" "$3" "}')" + echo "${lastlog_time} ${_users}" + } + done +done