chef-infra inspec

Using Chef Inspec is it possible to verify the strength of SSH keys?


On executing the command ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub I am getting an output where the first few digits represent the key strength. Is there a possible way to validate the key strength using Chef InSpec?

Suppose I get 1024...... as the output of the mentioned command, how do I check that it should be 1024 and not other values using Chef Inspec?


Solution

  • Use the command resource and match its output. Something like the following should do the trick:

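    # Field 1 of the ssh-keygen -l output is the key size in bits.
    describe command("ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub | awk '{print $1}'") do
      its('exit_status') { should eq 0 }
      # stdout is a String, so convert it before the numeric comparison.
      its('stdout.to_i') { should be >= 1024 }
    end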
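
The check above looks only at the bit count, which is not comparable across key types (256 bits is normal for ED25519, 1024 bits is weak for RSA). The following added example, which is not part of the original answer, parses the full `ssh-keygen -lf` line in plain Ruby and applies a per-algorithm minimum. The `MIN_BITS` policy, the helper names and the sample lines are assumptions made for illustration.

```ruby
# Assumed policy: minimum key size per algorithm. Types not listed here
# (DSA in this sketch) are rejected outright.
MIN_BITS = { 'RSA' => 2048, 'ECDSA' => 256, 'ED25519' => 256 }.freeze

# ssh-keygen -l prints: "<bits> <fingerprint> <comment...> (<TYPE>)"
FINGERPRINT_LINE = /\A(\d+)\s+(\S+)\s+(.*?)\s*\(([A-Z0-9-]+)\)\z/

KeyInfo = Struct.new(:bits, :fingerprint, :comment, :type)

# Returns a KeyInfo, or nil when the line does not look like ssh-keygen output.
def parse_fingerprint(line)
  m = FINGERPRINT_LINE.match(line.strip)
  return nil unless m

  KeyInfo.new(m[1].to_i, m[2], m[3], m[4])
end

# Returns [ok, reason] for one line of ssh-keygen -l output.
def check_key(line, policy = MIN_BITS)
  key = parse_fingerprint(line)
  return [false, 'unparseable ssh-keygen output'] unless key

  min = policy[key.type]
  return [false, "#{key.type} is not an allowed key type"] unless min
  return [false, "#{key.type} key is #{key.bits} bits, need >= #{min}"] if key.bits < min

  [true, "#{key.type} #{key.bits} bits"]
end

# Constructed sample lines; the fingerprints are placeholders, not real keys.
SAMPLE = [
  '1024 SHA256:PLACEHOLDERdsa root@host (DSA)',
  '2048 SHA256:PLACEHOLDERrsa no comment (RSA)',
  '1024 SHA256:PLACEHOLDERrsa2 root@host (RSA)',
  '256 SHA256:PLACEHOLDERed root@host (ED25519)'
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE.each do |line|
    ok, why = check_key(line)
    puts "#{ok ? 'PASS' : 'FAIL'}  #{why}"
  end
end
```
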