
How can I programmatically detect ssh authentication types available?


I'd like to write a monitoring plugin that checks various hosts on my network to make sure that password or interactive SSH authentication is not enabled. That is, I need to write code that:

  1. Connects to an SSH port.
  2. Enumerates available authentication methods.
  3. Verifies that only key-based authentication is possible.

Methods using either Python or Bourne sh code (using ssh) are most interesting to me, but other languages, libraries or hints are appreciated too.


Solution

  • I'm currently building one myself; however, you can force ssh to output (to STDERR) the supported methods by using the PreferredAuthentications option. This can easily be parsed with grep/Python/language of choice.

    HostA$ ssh -o PreferredAuthentications=none HostB
    Permission denied (publickey,gssapi-with-mic).
    HostA$ ssh -o PreferredAuthentications=none HostC
    Permission denied (publickey,gssapi-with-mic,password,keyboard-interactive,hostbased).
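
The check from the answer wrapped as a monitoring plugin, as an added example that is not part of the original answer. The Nagios-style exit codes, the forbidden-method set, the function names, and the extra `BatchMode` and `ConnectTimeout` options are assumptions made here.

```python
import re
import subprocess
import sys

# Nagios-style plugin exit codes (a common monitoring convention, assumed here).
OK, CRITICAL, UNKNOWN = 0, 2, 3

# Methods the question wants disabled; adjust to local policy.
FORBIDDEN = frozenset({"password", "keyboard-interactive"})

# Some OpenSSH clients prefix the line with "user@host: ", so search, don't match.
DENIED_RE = re.compile(r"Permission denied \(([^)]*)\)")


def parse_auth_methods(stderr_text):
    """Return the set of methods the server advertised, or None when there is
    no 'Permission denied (...)' line (refused, timeout, host key failure)."""
    m = DENIED_RE.search(stderr_text)
    if m is None:
        return None
    return {name.strip() for name in m.group(1).split(",") if name.strip()}


def evaluate(methods, forbidden=FORBIDDEN):
    """Map an advertised-method set to (exit_code, message)."""
    if methods is None:
        return UNKNOWN, "UNKNOWN: no authentication method list in ssh output"
    bad = sorted(methods & forbidden)
    if bad:
        return CRITICAL, "CRITICAL: forbidden methods offered: " + ",".join(bad)
    return OK, "OK: methods offered: " + ",".join(sorted(methods))


def probe(host, timeout=10):
    """Run the ssh command from the answer against `host` and evaluate it."""
    cmd = ["ssh", "-o", "PreferredAuthentications=none", "-o", "BatchMode=yes",
           "-o", f"ConnectTimeout={timeout}", host, "true"]
    try:
        proc = subprocess.run(cmd, stdin=subprocess.DEVNULL, capture_output=True,
                              text=True, timeout=timeout + 5)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return UNKNOWN, f"UNKNOWN: ssh did not complete: {exc}"
    return evaluate(parse_auth_methods(proc.stderr))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_ssh_auth.py HOST")
    code, message = probe(sys.argv[1])
    print(message)
    sys.exit(code)
```

Any run that ends without a `Permission denied (...)` line, such as a refused connection or a host key that is not yet trusted, is reported as UNKNOWN rather than OK.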