script-bundle+runbook

SSH Key Hygiene Kit

Find every stale SSH key across your server fleet in under 10 minutes — read-only, agentless, Bash 3.2+ compatible.

SSH keys accumulate. A departing employee, a forgotten jump box, a migration that never got fully cleaned up — and suddenly you have authorized_keys files you've never audited, with keys whose owners you can't identify. The problem isn't awareness. It's that you've never had a fast, inspectable tool that shows you exactly what's there.

The SSH Key Hygiene Kit is a read-only audit toolkit that scans your SSH key estate and surfaces what needs attention: weak key algorithms, keys with no identifying comments, duplicates across files, and permission settings that shouldn't be in production. Each script auto-saves a dated report on the machine you run it from, so your audit trail starts the moment the scan finishes.

Run it on a single host in 2 minutes. Point the fleet wrapper at a hostlist and get an aggregated summary across 50 servers in one command. Works on macOS without any Homebrew prerequisites — Bash 3.2 compatible out of the box.

Key Features

  • Read-only by architectural guarantee — every script enforces no-write semantics in code, not just claims
  • Bash 3.2+ compatible — runs on stock macOS without Homebrew or version upgrades
  • Single-host audit in under 2 minutes; fleet wrapper aggregates 50 servers in one command
  • Auto-saves a dated report on every run — your audit trail starts the moment the scan finishes
  • Flags weak algorithms, missing comments, duplicates, and permission anti-patterns
  • Windows hosts covered via PowerShell equivalent (audits per-user + administrators_authorized_keys)
  • MIT-licensed, every script under 1,000 lines, full WHAT/WHY inline comments — read it before you run it

What's Inside

  • audit-ssh-keys.sh — Core Bash audit for Linux/macOS; flags weak algorithms, missing comments, duplicates, and stale keys
  • fleet-audit.sh — Fleet wrapper that SSHes to each host and aggregates results into one dated report
  • audit-authorized-keys.ps1 — PowerShell equivalent for Windows OpenSSH hosts (per-user + administrators_authorized_keys)
  • summarize-report.sh — Post-processor; compresses any audit report into a compact summary table
  • SSH-Key-Hygiene-Runbook.md — 7-section practitioner runbook: prerequisites, usage, report interpretation, remediation decision tree, scheduling
  • README.md — 3-step quick start, full flag reference table, and tested-on OS matrix
  • CHANGELOG.md and MIT LICENSE
Quality Score

9/10