How to determine which SSH public key was uploaded to the web service

Determine which SSH public key was uploaded to the web service.

Sample list of uploaded SSH public keys.

Display local key fingerprints using the MD5 hash algorithm.

$ find ~/.ssh/ -maxdepth 1 -type f -exec bash -c 'if [[ "$(file -b "$1")" == *private* ]]; then echo "$1 $(ssh-keygen -l -f "$1" -E md5 | cut -d" " -f2)"; fi' _ {} \; | column -t
/home/milosz/.ssh/deploy           MD5:56:22:76:7d:da:7a:92:b6:b1:f5:c5:4d:98:68:fe:2c
/home/milosz/.ssh/ansible          MD5:a3:c1:32:7f:4d:48:53:d4:79:b8:c8:c4:4e:77:f5:2d
/home/milosz/.ssh/jenkins_home     MD5:f5:67:18:ce:79:ba:0d:7e:38:41:27:b0:f5:c0:9a:cc
/home/milosz/.ssh/mobile           MD5:0c:e8:11:65:19:7c:cc:c7:3a:34:30:33:ee:21:05:2e
/home/milosz/.ssh/gitlab_external  MD5:a3:a0:9d:07:21:c4:18:f1:8f:b9:a0:f6:10:44:96:64
/home/milosz/.ssh/milosz           MD5:9d:98:78:db:25:4f:2e:62:06:af:47:f1:3d:76:96:50
/home/milosz/.ssh/jenkins          MD5:81:0e:30:c9:67:66:2e:36:2a:d2:5f:bf:f4:b1:ee:9c

Display local key fingerprints using the SHA256 hash algorithm.

$ find ~/.ssh/ -maxdepth 1 -type f -exec bash -c 'if [[ "$(file -b "$1")" == *private\ key ]]; then echo "$1 $(ssh-keygen -l -f "$1" -E sha256 | cut -d" " -f2)"; fi' _ {} \; | column -t
/home/milosz/.ssh/deploy           SHA256:pDpy9cQVs2rY3l2TmQyG+xXjqKWUhYUUhdvNLyu5rWo
/home/milosz/.ssh/ansible          SHA256:MqT9esnWPypAIAvl/A6AQG7oTx+xbeROJt70vixP+oc
/home/milosz/.ssh/jenkins_home     SHA256:b4vN4p13EvBznlWSduSMS8iJAZqycrYKkGKvXDDCVdY
/home/milosz/.ssh/mobile           SHA256:W4DzgWYdMqTCKDBG89iNeeyEoqKlexEO3c/TMnWQDLU
/home/milosz/.ssh/gitlab_external  SHA256:dEmW5AUt7AEHPLwwsjW+iogUDAF7p0/5tBXILQfqd98
/home/milosz/.ssh/milosz           SHA256:CaC957nx9z3P1vjOuRf8KaVV9enB/aypMYaaCyS5OZE
/home/milosz/.ssh/jenkins          SHA256:BFlRCJ++SIBM6oLrOVFXyigMGya0ydAXCHeGd/FIroY

Now you can easily identify and rotate keys when needed.

I am using the file command to identify the private key.

$ file ~/.ssh/milosz
/home/milosz/.ssh/milosz: PEM RSA private key

I am using the OpenSSH authentication key utility, ssh-keygen, to extract the fingerprint.

$ ssh-keygen -l -f ~/.ssh/milosz
2048 SHA256:CaC957nx9z3P1vjOuRf8KaVV9enB/aypMYaaCyS5OZE milosz@milosz-XPS-13-9343 (RSA)
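
The fingerprint that ssh-keygen prints is a hash of the base64-decoded key blob from the public key line, so a fingerprint shown by the web service can be matched against public keys alone, without reading private key files. The following is an added example, not part of the original article; the function names, the LOCAL_KEYS table and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct


def fingerprint(pubkey_line, algo="sha256"):
    """Fingerprint of one '<type> <base64> [comment]' line, formatted like ssh-keygen -l -E <algo>."""
    key_type, b64_blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob starts with a length-prefixed copy of the key type; reject mismatches.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    if algo == "md5":
        return "MD5:" + hashlib.md5(blob).digest().hex(":")
    if algo == "sha256":
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError(f"unsupported algorithm: {algo}")


def identify(displayed, pubkeys):
    """Return names of local keys whose fingerprint equals the one the service displays."""
    shown = displayed.strip()
    if shown.upper().startswith("SHA256:"):
        algo, shown = "sha256", "SHA256:" + shown[7:].rstrip("=")
    else:
        # Bare colon-separated hex (no prefix) is treated as MD5.
        hexpart = shown[4:] if shown.upper().startswith("MD5:") else shown
        algo, shown = "md5", "MD5:" + hexpart.lower()
    return [name for name, line in pubkeys.items() if fingerprint(line, algo) == shown]


def sample_pubkey(fill, comment):
    """Constructed sample only: an ssh-ed25519 blob with 32 filler bytes, not a usable key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


LOCAL_KEYS = {  # constructed stand-ins for the contents of ~/.ssh/*.pub
    "deploy": sample_pubkey(0x11, "deploy@example"),
    "ansible": sample_pubkey(0x22, "ansible@example"),
}

if __name__ == "__main__":
    shown_by_service = fingerprint(LOCAL_KEYS["ansible"], "md5")[4:]  # bare hex, no "MD5:" prefix
    print(identify(shown_by_service, LOCAL_KEYS))
```

To use it on real keys, fill the dictionary with the first line of each ~/.ssh/*.pub file instead of the constructed samples.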