chef-infra - Using Chef Inspec is it possible to verify the strength of SSH keys?

Question

On executing the command ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub I am getting a output where the first few digits represent the key strength. Is there a possible way to validate the key strength using Chef inspec?

Suppose I get 1024...... as the output of the mentioned command, how do I check that it should be 1024 and not other values using Chef Inspec?

score 0 · Accepted Answer

use the command resource and match its output. something like the following should do the trick

describe command('ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub | awk '{print $1}) do
 its('exit_status') { should eq 0 }
 its('stdout') { should be >= 1024 }
end

chef-infra - Using Chef Inspec is it possible to verify the strength of SSH keys?

1 回答 1

Related

Reference