Skip to content

A collection of static SSH keys (public and private) that have made their way into software and hardware products.

License

Notifications You must be signed in to change notification settings

rapid7/ssh-badkeys

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

79 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SSH Bad Keys

This is a collection of static SSH keys (host and authentication) that have made their way into software and hardware products. This was inspired by the Little Black Box project, but focused primarily on SSH (as opposed to TLS) keys.

Keys are split into two categories; authorized keys and host keys. The authorized keys can be used to gain access to a device with this public key. The host keys can be used to conduct a MITM attack against the device, but do not provide direct access.

This collection depends on submissions from researchers to stay relevant. If you are aware of a static key (host or authorized), please open an Issue or submit a Pull Request. The Issues list also contains a wishlist of known bad keys that we would like to include.

For additional key types and a broader scope, take a look at the Kompromat project.

About

A collection of static SSH keys (public and private) that have made their way into software and hardware products.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published