Identify SSH keys created without a passphrase, which can be used for Lateral Movement (MITRE ATT&CK TA0008).
SELECT uid, username, description, path, encrypted
FROM users CROSS JOIN user_ssh_keys USING (uid)
WHERE encrypted = 0;
$results = @()
# Get a list of user directories in C:\Users
$usersDirs = Get-ChildItem "C:\Users" -Directory -ErrorAction SilentlyContinue
foreach ($userDir in $usersDirs) {
    $username = $userDir.Name
    $sshFolder = Join-Path $userDir.FullName ".ssh"
    if (Test-Path $sshFolder) {
        # Attempt to retrieve local user information; if not found, leave empty
        $localUser = Get-LocalUser -Name $username -ErrorAction SilentlyContinue
        $uid = if ($localUser) { $localUser.SID.Value } else { "" }
        $description = if ($localUser) { $localUser.Description } else { "" }
        # Get all files in the .ssh folder that are not public-key files
        $keyFiles = Get-ChildItem -Path $sshFolder -File | Where-Object { $_.Extension -ne ".pub" }
        foreach ($key in $keyFiles) {
            $content = Get-Content $key.FullName -ErrorAction SilentlyContinue
            # Skip files that hold no private key (known_hosts, config, authorized_keys, ...)
            if (-not ($content -match "PRIVATE KEY")) { continue }
            # If the key file contains "ENCRYPTED", assume it is encrypted.
            # Keys in the OpenSSH container format ("BEGIN OPENSSH PRIVATE KEY") never
            # contain that string, so they are reported even when passphrase-protected.
            if ($content -match "ENCRYPTED") {
                $enc = 1
            }
            else {
                $enc = 0
            }
            if ($enc -eq 0) {
                $results += [pscustomobject]@{
                    uid         = $uid
                    username    = $username
                    description = $description
                    path        = $key.FullName
                    encrypted   = $enc
                }
            }
        }
    }
}
$results | Format-Table -AutoSize
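echo "uid,username,description,path,encrypted"
for u in /Users/*; do
  [ -d "$u/.ssh" ] || continue
  user=$(basename "$u")
  uid=$(id -u "$user" 2>/dev/null)
  desc=$(dscl . -read /Users/"$user" RealName 2>/dev/null | sed '1d;s/^ *//')
  for f in "$u"/.ssh/*; do
    [ -f "$f" ] || continue
    # Skip files that hold no private key (known_hosts, config, *.pub, ...)
    grep -q "PRIVATE KEY" "$f" 2>/dev/null || continue
    # Keys in the OpenSSH container format never contain "ENCRYPTED" and are always listed
    grep -q "ENCRYPTED" "$f" 2>/dev/null || echo "$uid,$user,$desc,$f,0"
  done
done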
PowerShell commands are currently work in progress, contributions welcome.
Bash commands for macOS are currently work in progress, contributions welcome.
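The fallback scripts above decide on the substring "ENCRYPTED", which cannot see the passphrase state of keys stored in the OpenSSH container format and says nothing about whether a file is a key at all. The following is an added example, not Fleet's or osquery's code: it reads the cipher name from the key header instead, and the sample inputs, file names and helper names in it are constructed for illustration.

```python
import base64, re, struct

MAGIC = b"openssh-key-v1\x00"  # marker at the start of the decoded OpenSSH container
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----(.*?)-----END \1-----", re.S)

def key_encrypted(text):
    """True/False for a private key; None if the text holds no parsable private key."""
    m = PEM_RE.search(text)
    if not m:
        return None  # known_hosts, config, authorized_keys, ...
    label, body = m.groups()
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 encrypted form
        return True
    if label != "OPENSSH PRIVATE KEY":  # legacy PEM (RSA/EC/DSA) or plain PKCS#8
        return "Proc-Type: 4,ENCRYPTED" in body
    try:
        blob = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return None
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
        return None
    (n,) = struct.unpack_from(">I", blob, len(MAGIC))  # length of the cipher name
    cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
    return None if len(cipher) != n else cipher != b"none"

def naive_encrypted(text):  # the substring heuristic of the fallback scripts
    return "ENCRYPTED" in text

def sample_openssh(cipher, kdf):
    """Constructed container header; the trailing zero bytes are filler, not key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1) + bytes(32)
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

SAMPLES = {  # constructed inputs, keyed by hypothetical file name
    "id_ed25519_plain": sample_openssh(b"none", b"none"),
    "id_ed25519_protected": sample_openssh(b"aes256-ctr", b"bcrypt"),
    "id_rsa_legacy": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                     "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "known_hosts": "host.example ssh-ed25519 AAAA\n",
}

def unprotected(samples):
    return sorted(name for name, text in samples.items() if key_encrypted(text) is False)

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: parsed={key_encrypted(text)} substring={naive_encrypted(text)}")
```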
Apple
Windows
Linux
ChromeOS