Overview of the Offline Unix Scan Script and Windows Scan Utility
Explanation of What Operations Are Carried out by the Unix SSH Scan Discovery Script
The ssh-mgr-host-utility.sh wrapper runs a Python-based script that performs the scan requested on the command line (scan-local, scan-without-nfs, or scan-all). It must be run as root.
The script writes to the system only in step 1 below and, when it needs to extract a public key from a private key, to a unique temporary directory under /tmp. Otherwise it is read-only.
The script is in plain text and can be reviewed before execution.
The script does the following (as root):
- Read the sshmgr-unique-id file from /var, creating it if it does not already exist (used to identify the host).
- Detect the operating system using uname commands.
- List SSH and directory products by looking for known packages and/or files using rpm or the equivalent UNIX package commands.
- List users and groups using directory-specific commands, getent, and the contents of /etc/passwd and /etc/group.
- Read the system SSH server configuration.
- Record the authorized keys of each valid user detected. For associated private keys only the SSH fingerprint is recorded; the private keys themselves are not.
- Write all scan output to stdout/stderr; sensitive file content is base64 encoded. Base64 is an encoding, not encryption, so the output must still be handled as sensitive data.
Explanation of What Operations Are Carried out by the Windows SSH Scan Discovery Utility
The ssh-mgr-host-utility.exe is a Windows command-line program that scans the host for SSH users, keys and products. It must be run with Administrator privileges. Its JSON-formatted output can be imported into Key Manager.
The program writes to the system only in step 1 below; otherwise its operation is read-only. The program does the following:
- Read and, if it is not already present, write a unique id in the Windows registry (used to identify the host).
- Detect operating system information using .NET APIs.
- List SSH products by looking for known packages in the system registry.
- Get all users from the Windows registry, then check whether each user is referenced in the SSH product configuration or has user-specific SSH configuration.
- Read the SSH product configuration.
- Record the authorized keys of each valid user detected. For associated private keys only the SSH fingerprint is recorded; the private keys themselves are not.
- Write all scan output to stdout/stderr; sensitive file content is base64 encoded. Base64 is an encoding, not encryption, so the output must still be handled as sensitive data.
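The last two steps of both lists (authorized keys recorded, private keys reduced to a fingerprint, sensitive file content base64 encoded) are the part of the scan worth seeing in code. The following is an added example written for this page, not the vendor's script or utility: it parses an authorized_keys file (including lines with quoted options), takes the SHA256 fingerprint of each key, and fingerprints OpenSSH-format private keys by reading only the public key that the openssh-key-v1 container stores in clear ahead of the private section, so passphrase-protected keys are covered and the private material is never read. The sample keys, the file paths and the report layout are constructed here and are assumptions, not the product's actual data or output format.

```python
"""Added example, not the vendor's script: record authorized keys and private-key
fingerprints the way a read-only scan does. Sample inputs are constructed, not real keys."""
import base64
import hashlib
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"
PEM_HEADER = "-----BEGIN OPENSSH PRIVATE KEY-----"

def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def ssh_fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf` (unpadded base64)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def decode_key_blob(field: str, key_type: str):
    """Decode a public key field; None unless the blob's embedded type matches key_type."""
    try:
        blob = base64.b64decode(field, validate=True)
        embedded, _ = read_string(blob, 0)
    except (ValueError, struct.error):
        return None
    return blob if embedded == key_type.encode() else None

def parse_authorized_keys(text: str) -> list:
    """One record per key line. The options field may contain quoted spaces
    (command="..."), so the key is located by decoding, not by token position."""
    records = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        for i in range(len(tokens) - 1):
            blob = decode_key_blob(tokens[i + 1], tokens[i])
            if blob is not None:  # the blob is hashed, never recorded
                records.append({"type": tokens[i], "fingerprint": ssh_fingerprint(blob),
                                "comment": " ".join(tokens[i + 2:]) or None,
                                "options": " ".join(tokens[:i]) or None})
                break
    return records

def public_blobs_from_private_key(pem: bytes):
    """Return (cipher name, public key blobs) from an openssh-key-v1 file. The public keys
    sit in clear ahead of the private section, so even a passphrase-protected key can be
    fingerprinted without decrypting or reading the private material."""
    lines = pem.decode("ascii").strip().splitlines()
    if lines[0] != PEM_HEADER:
        raise ValueError("not openssh-key-v1 (legacy PEM keys need `ssh-keygen -y`)")
    raw = base64.b64decode("".join(ln for ln in lines[1:] if not ln.startswith("-----")))
    if not raw.startswith(OPENSSH_MAGIC):
        raise ValueError("bad magic")
    cipher, off = read_string(raw, len(OPENSSH_MAGIC))
    _kdf, off = read_string(raw, off)
    _kdf_options, off = read_string(raw, off)
    (count,) = struct.unpack_from(">I", raw, off)
    blobs, off = [], off + 4
    for _ in range(count):
        blob, off = read_string(raw, off)
        blobs.append(blob)
    return cipher.decode(), blobs  # bytes past `off` are the private section: never read

def build_sample_private_key(pub_blob: bytes, encrypted: bool) -> bytes:
    """CONSTRUCTED openssh-key-v1 container with placeholder private bytes; not a usable key."""
    cipher, kdf = (b"aes256-ctr", b"bcrypt") if encrypted else (b"none", b"none")
    kdf_options = ssh_string(b"\x00" * 16) + struct.pack(">I", 16) if encrypted else b""
    body = (OPENSSH_MAGIC + ssh_string(cipher) + ssh_string(kdf) + ssh_string(kdf_options)
            + struct.pack(">I", 1) + ssh_string(pub_blob) + ssh_string(b"\x00" * 64))
    b64 = base64.b64encode(body).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"{PEM_HEADER}\n{wrapped}\n-----END OPENSSH PRIVATE KEY-----\n".encode()

# Constructed sample data: arbitrary 32-byte values stand in for Ed25519 public keys.
ALICE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
BACKUP_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32, 64)))
SAMPLE_AUTHORIZED_KEYS = (
    "# constructed sample authorized_keys\n"
    f"ssh-ed25519 {base64.b64encode(ALICE_BLOB).decode()} alice@laptop\n"
    f'command="/usr/bin/backup --run",no-pty ssh-ed25519 {base64.b64encode(BACKUP_BLOB).decode()} backup@host\n'
)
SAMPLE_PRIVATE_KEYS = {  # hypothetical paths
    "/home/alice/.ssh/id_ed25519": build_sample_private_key(ALICE_BLOB, encrypted=False),
    "/home/alice/.ssh/id_backup": build_sample_private_key(BACKUP_BLOB, encrypted=True),
}

def build_report(user: str, authorized_keys: str, private_keys: dict) -> dict:
    """Per-user record: base64 of the sensitive file, fingerprints only, no key material."""
    report = {"user": user, "private_keys": [],
              "authorized_keys": {"content_base64": base64.b64encode(authorized_keys.encode()).decode(),
                                  "keys": parse_authorized_keys(authorized_keys)}}
    for path, pem in private_keys.items():
        cipher, blobs = public_blobs_from_private_key(pem)
        report["private_keys"].append({"path": path, "encrypted": cipher != "none",
                                       "fingerprints": [ssh_fingerprint(b) for b in blobs]})
    return report
```

build_report() returns a plain dict that serialises directly with json.dumps; the fingerprint strings match the SHA256 value ssh-keygen -lf prints for the same key, which is what lets an authorized key be matched to the private key that can use it. Legacy PEM-encoded private keys (BEGIN RSA PRIVATE KEY) do not carry the public key in clear and are rejected with ValueError; extracting their public key takes a tool such as `ssh-keygen -y -f`, the kind of step for which the Unix script uses a temporary directory under /tmp.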