For each user we collect:
~/.ssh/known_hosts
~/.ssh/authorized_keys
files
~/.ssh/
directory
The last three items enable us to model how, when a host is compromised, the identity keys stored on it may be used to compromise other hosts.
The README file describes in even greater detail which files collect-ssh
reads and how the script encrypts the information it gathers to preserve your privacy.