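#!/bin/bash
# Cross-check the "Accepted publickey" SSH logins recorded in the auth log
# against a whitelist of known key fingerprints, and flag every fingerprint
# that is not in the whitelist.
#
# Whitelist file (default ./ssh_sha256_owners.txt; override with the first
# argument or $SSH_KEY_WHITELIST): one `ssh-keygen -l` line per key taken
# from each user's .ssh/authorized_keys, e.g.
#   ssh-keygen -lf /tmp/user_key.pub >> ssh_sha256_owners.txt
# which yields lines of the form "3072 SHA256:<base64> comment (RSA)".
#
# Output: pass 1 prints every accepted-login log line followed by the
# whitelist entry that owns its fingerprint; pass 2 prints each distinct
# fingerprint once and marks the ones missing from the whitelist in red.
#
# Exit status: 0 if every fingerprint seen is whitelisted, 1 if at least one
# is unknown or unparsable, 2 on setup errors (unreadable whitelist, no
# accepted logins to check).
#
# Operational caveats:
#   - Only keys that have already logged in are checked. A key planted in
#     authorized_keys but not yet used never shows up here; diff the
#     authorized_keys files against the whitelist separately for that.
#   - Plain grep cannot read gzip-rotated logs (auth.log.*.gz); decompress
#     them first or point AUTH_FILE at text copies. Hosts that log sshd to
#     journald only may not have /var/log/auth.log at all.
#   - Log lines with no SHA256 fingerprint (e.g. MD5-style output from
#     older OpenSSH) are reported and counted as failures, not skipped.
#   - A log line may carry more than one SHA256 fingerprint (certificate
#     logins, where seen, list the key and the CA); every fingerprint found
#     on a line is checked, so whitelist CA keys too if certificates are used.
set -u

RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m' # No Color

WHITELIST=${1:-${SSH_KEY_WHITELIST:-ssh_sha256_owners.txt}}
# Deliberately expanded unquoted below: it is a glob covering rotated logs.
AUTH_FILE=${AUTH_FILE:-/var/log/auth.log*}
# A SHA256 fingerprint is "SHA256:" plus base64 text. Matching the alphabet
# instead of ".*" stops trailing text (key comment, "ID ... CA ...") from
# being swallowed into the string used to look up the whitelist.
readonly FP_RE='SHA256:[A-Za-z0-9+/=]+'

# Print every fingerprint found on stdin, one per line (nothing if none).
extract_fps() {
  grep -oE -- "$FP_RE"
}

# Print the whitelist line(s) containing fingerprint $1; status 1 if absent.
# -F: the fingerprint is data, never a regex. A full 43-char base64
# fingerprint can only substring-match an identical fingerprint.
lookup() {
  grep -F --color=auto -- "$1" "$WHITELIST"
}

if [[ ! -r "$WHITELIST" ]]; then
  printf '%berror: whitelist "%s" is missing or unreadable%b\n' "$RED" "$WHITELIST" "$NC" >&2
  exit 2
fi

# shellcheck disable=SC2086 -- AUTH_FILE is a glob and must word-split
logins=$(grep 'Accepted publickey' $AUTH_FILE)
rc=$?
if (( rc == 2 )); then
  # grep reports 2 when at least one file could not be read (typically a
  # permission problem when not running as root); keep going with what we got.
  printf 'warning: some log files could not be read; results may be incomplete\n' >&2
fi
if [[ -z "$logins" ]]; then
  # Without this guard an empty result would make the lookups below match
  # every whitelist line (empty pattern), hiding the "nothing checked" case.
  printf 'no "Accepted publickey" entries found in %s\n' "$AUTH_FILE" >&2
  exit 2
fi

# Pass 1: each login line, with the whitelist entry owning its fingerprint.
unparsed=0
while IFS= read -r line; do
  printf '%s\n' "$line"
  fps=$(extract_fps <<<"$line")
  if [[ -z "$fps" ]]; then
    printf '%b  no SHA256 fingerprint on this line (older log format?)%b\n' "$RED" "$NC"
    unparsed=$((unparsed + 1))
    continue
  fi
  while IFS= read -r fp; do
    lookup "$fp" || printf '%b  %s is not in the whitelist%b\n' "$RED" "$fp" "$NC"
  done <<<"$fps"
done <<<"$logins"

# Pass 2: each distinct fingerprint once, with a verdict.
printf '\nAll accepted keys found:\n'
unknown=0
while IFS= read -r fp; do
  printf '%s\n' "$fp"
  if lookup "$fp"; then
    printf '%b  whitelisted%b\n' "$GREEN" "$NC"
  else
    printf '%bSSH KEY NOT FOUND IN THE WHITELIST !!!%b\n' "$RED" "$NC"
    unknown=$((unknown + 1))
  fi
done < <(extract_fps <<<"$logins" | sort -u)

if (( unknown > 0 || unparsed > 0 )); then
  printf '%b%d unknown fingerprint(s), %d unparsable login line(s)%b\n' \
    "$RED" "$unknown" "$unparsed" "$NC" >&2
  exit 1
fi
exit 0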