Identify SSH keys created without a passphrase, which can be used in lateral movement (MITRE ATT&CK TA0008).
To learn more about queries, check this guide.
SELECT uid, username, description, path, encrypted FROM users CROSS JOIN user_ssh_keys using (uid) WHERE encrypted=0;
$results = @()
# Get a list of user directories in C:\Users
$usersDirs = Get-ChildItem "C:\Users" -Directory -ErrorAction SilentlyContinue
foreach ($userDir in $usersDirs) {
    $username = $userDir.Name
    $sshFolder = Join-Path $userDir.FullName ".ssh"
    if (Test-Path $sshFolder) {
        # Attempt to retrieve local user information; if not found, leave empty
        $localUser = Get-LocalUser -Name $username -ErrorAction SilentlyContinue
        $uid = if ($localUser) { $localUser.SID.Value } else { "" }
        $description = if ($localUser) { $localUser.Description } else { "" }
        # Get all files in the .ssh folder that are not public-key files
        $keyFiles = Get-ChildItem -Path $sshFolder -File -ErrorAction SilentlyContinue | Where-Object { $_.Extension -ne ".pub" }
        foreach ($key in $keyFiles) {
            # Read the whole file as one string
            $content = Get-Content $key.FullName -Raw -ErrorAction SilentlyContinue
            # Skip unreadable files and files that are not private keys (known_hosts, config, ...)
            if (-not $content -or $content -notmatch "PRIVATE KEY-----") { continue }
            # If the key file contains "ENCRYPTED", assume it is encrypted.
            # Keys in the newer "BEGIN OPENSSH PRIVATE KEY" format never contain that
            # word in plain text, so they are reported here even when passphrase-protected.
            if ($content -match "ENCRYPTED") {
                $enc = 1
            }
            else {
                $enc = 0
            }
            if ($enc -eq 0) {
                $results += [pscustomobject]@{
                    uid         = $uid
                    username    = $username
                    description = $description
                    path        = $key.FullName
                    encrypted   = $enc
                }
            }
        }
    }
}
$results | Format-Table -AutoSize
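echo "uid,username,description,path,encrypted"
for u in /Users/*; do
    [ -d "$u/.ssh" ] || continue
    user=$(basename "$u")
    uid=$(id -u "$user" 2>/dev/null)
    desc=$(dscl . -read /Users/"$user" RealName 2>/dev/null | sed '1d;s/^ *//')
    for f in "$u"/.ssh/*; do
        [ -f "$f" ] || continue
        # Skip files that are not private keys (known_hosts, config, *.pub, ...)
        grep -q "PRIVATE KEY-----" "$f" 2>/dev/null || continue
        # Keys in the newer "BEGIN OPENSSH PRIVATE KEY" format never contain "ENCRYPTED"
        # in plain text, so they are listed here even when passphrase-protected.
        grep -q "ENCRYPTED" "$f" 2>/dev/null || echo "$uid,$user,$desc,$f,0"
    done
done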
PowerShell commands are currently work in progress, contributions welcome.
Bash commands for macOS are currently work in progress, contributions welcome.
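The "ENCRYPTED" string check in the two scripts above only works for legacy PEM and PKCS#8 keys. Keys in the current OpenSSH format record their cipher inside the base64 body. The following is an added example, not Fleet's or osquery's code: it classifies a key file by reading that `ciphername` field. The function names and the sample keys are constructed for illustration.

```python
import base64
import binascii
import re
import struct

MAGIC = b"openssh-key-v1\x00"  # AUTH_MAGIC at the start of the decoded blob
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)


def classify_private_key(text):
    """Return 'encrypted', 'unencrypted' or 'not-a-key' for one file's text."""
    m = PEM_RE.search(text)
    if not m:
        return "not-a-key"  # known_hosts, config, authorized_keys, ...
    label, body = m.group(1), m.group(2)
    if label != "OPENSSH PRIVATE KEY":
        # Legacy PEM flags encryption in a header, PKCS#8 in the label itself.
        if "ENCRYPTED" in label or "Proc-Type: 4,ENCRYPTED" in body:
            return "encrypted"
        return "unencrypted"
    try:
        blob = base64.b64decode("".join(body.split()))
    except (binascii.Error, ValueError):
        return "not-a-key"
    start = len(MAGIC)
    if not blob.startswith(MAGIC) or len(blob) < start + 4:
        return "not-a-key"
    # First field after the magic is the length-prefixed ciphername string.
    (n,) = struct.unpack(">I", blob[start:start + 4])
    cipher = blob[start + 4:start + 4 + n]
    return "unencrypted" if cipher == b"none" else "encrypted"


def sample_openssh_key(cipher):
    """Constructed sample: only the header fields the classifier reads."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 32
    b64 = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")


if __name__ == "__main__":
    for c in (b"none", b"aes256-ctr"):
        key = sample_openssh_key(c)
        print(c.decode(), classify_private_key(key), "ENCRYPTED" in key)
```

Run against the constructed `aes256-ctr` sample, the classifier reports `encrypted` even though the file text contains no "ENCRYPTED" string, which is the case the string check reports as unprotected.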