Using ssh-keys for access to servers can be very nice as one can use ssh-agent to temporarily store the unencrypted key - and thus work all day - without continuously entering your password for the key - and you can easily decide (using authorized_keys file on the server) which keys gets to login as which users - and what commands they may execute.
But - it's my experience that many (developers f.ex.) find a need to have an empty passphrase for their key - a bad thing to do - if you want a bit of security :)
So I wrote a program for a customer of mine, to test all users ssh-keys on a server (f.ex. a central login/gateway server) - for empty passphrases. I misuse ssh-add - and the hardest thing was to make it "shut up" when the passphrase is not empty :)
I currently just look in folders in /home - I could have used getent passwd f.ex. - but feel free to suggest improvements.
Here's the script: http://blog.klavsen.info/files/testsshkeys.sh - work sponsored by Berlingske Media
I hope it can be of use