Calculate RSA key fingerprint

Question

I need to do the SSH key audit for GitHub  but I am not sure how do find my RSA key fingerprint  I originally followed a guide to generate an SSH key on Linux   What is the command I need to enter to find my current RSA key fingerprint

User · Answer

Sometimes you can have a bunch of keys in your ~/.ssh directory, and don't know which matches the fingerprint shown by GitHub/Gitlab/etc.

Here's how to show the key filenames and MD5 fingerprints of all the keys in your ~/.ssh directory:

cd ~/.ssh
find . -type f -exec printf "\n{}\n" \; -exec ssh-keygen -E md5 -lf {} \;

(For what the parameters mean, refer to this answer about the find command.

Note that the private/public files that belong to one key have the same fingerprint, so you'll see duplicates.

User · Answer

Reproducing content from AWS forums here  because I found it useful to my use case - I wanted to check which of my keys matched ones I had imported into AWS openssl pkey -in    ssh ec2 primary pem -pubout -outform DER   openssl md5 -c Where   primary pem is the private key to check  Note that this gives a different fingerprint from the one computed by ssh-keygen

User · Answer

This is the shell function I use to get my SSH key finger print for creating DigitalOcean droplets   fingerprint         pubkeypath   1      ssh-keygen -E md5 -lf   pubkeypath    awk    print  2      cut -c 5-     Put it in your    bashrc  source it  and then you can get the finger print as so     fingerprint    ssh id rsa pub d2 47 0a 87 30 a0 c0 df 6b 42 19 55 b4 f3 09 b9

User · Answer

A key pair  the private and public keys  will have the same fingerprint  so in the case you can t remember which private key belong to which public key  find the match by comparing their fingerprints   The most voted answer by Marvin Vinto provides the fingerprint of a public SSH key file  The fingerprint of the corresponding private SSH key can also be queried  but it requires a longer series of step  as shown below    Load the SSH agent  if you haven t done so  The easiest way is to invoke    ssh-agent bash   or    ssh-agent tcsh    or another shell you use   Load the private key you want to test     ssh-add  path to your-ssh-private-key   You will be asked to enter the passphrase if the key is password-protected  Now  as others have said  type    ssh-add -l 1024 fd bc 8a 81 58 8f 2c 78 86 a2 cf 02 40 7d 9d 3c you yourhost  DSA    fd bc     is the fingerprint you are after  If there are multiple keys  multiple lines will be printed  and the last line contains the fingerprint of the last loaded key  If you want to stop the agent  i e   if you invoked step 1 above   then simply type  exit  on the shell  and you ll be back on the shell prior to the loading of ssh agent    I do not add new information  but hopefully this answer is clear to users of all levels

User · Answer

On Windows  if you re running PuTTY Pageant  the fingerprint is listed when you load your PuTTY   ppk  key into Pageant  It is pretty useful in case you forget which one you re using

User · Answer

The fastest way if your keys are in an SSH agent     ssh-add -L   ssh-keygen -E md5 -lf  dev stdin   Each key in the agent will be printed as   4096 MD5 8f c9 dc 40 ec 9e dc 65 74 f7 20 c1 29 d1 e8 5a  Users cmcginty  ssh id rsa  RSA

User · Answer

If your SSH agent is running  it is  ssh-add -l   to list RSA fingerprints of all identities  or -L for listing public keys   If your agent is not running  try   ssh-agent sh -c  ssh-add  ssh-add -l    And for your public keys   ssh-agent sh -c  ssh-add  ssh-add -L    If you get the message   The agent has no identities    then you have to generate your RSA key by ssh-keygen first

User · Answer

Google Compute Engine shows the SSH host key fingerprint in the serial output of a Linux instance  The API can get that data from GCE  and there is no need to log in to the instance   I didn t find it anywhere else but from the serial output  I think the fingerprint should be in some more programmer-friendly place   However  it seems that it depends on the type of an instance  I am using instances of Debian nbsp 7  Wheezy  f1-micro

User · Answer

On Fedora I do locate    ssh which tells me keys are at    root  ssh  root  ssh authorized keys

User · Answer

To see your key on Ubuntu  just enter the following command on your terminal   ssh-add -l  You will get an output like this  2568 0j 20 4b 88 a7 9t wd 19 f0 d4 4y 9g 27 cf 97 23 yourName ubuntu  RSA   If however you get an error like  Could not open a connection to your authentication agent  Then it means that ssh-agent is not running  You can start run it with          ssh-agent bash  thanks to  Richard in the comments  and then re-run ssh-add -l

User · Answer

The newer SSH commands will list fingerprints as a SHA256 Key   For example   ssh-keygen -lf    ssh id dsa pub  1024 SHA256 19n6fkdz0qqmowiBy6XEaA87EuG jgWUr44ZSBhJl6Y  DSA    If you need to compare it against an old fingerprint you also need to specify to use the MD5 fingerprint hashing function   ssh-keygen -E md5 -lf    ssh id dsa pub 2048 MD5 4d 5b 97 19 8c fe 06 f0 29 e7 f5 96 77 cb 3c 71  DSA    Also available  -E sha1  Update     YES   yes    I know     DSA keys for SSH should no longer be used  the older RSA key or newer ecliptic keys should be used instead   To those  admins  that keep editing the command I used in the above    STOP CHANGING IT   You make the command and resulting output mis-match

User · Answer

Run the following command to retrieve the SHA256 fingerprint of your SSH key  -l means  list  instead of create a new key  -f means  filename       ssh-keygen -lf  path to ssh key   So for example  on my machine the command I ran was  using RSA public key      ssh-keygen -lf    ssh id rsa pub 2048 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff  Users username  ssh id rsa pub  RSA    To get the GitHub  MD5  fingerprint format with newer versions of ssh-keygen  run     ssh-keygen -E md5 -lf  lt fileName gt    Bonus information   ssh-keygen -lf also works on known hosts and authorized keys files   To find most public keys on Linux Unix OS nbsp X systems  run    find  etc ssh  home    ssh  Users    ssh -name    pub  -o -name  authorized keys  -o -name  known hosts     If you want to see inside other users  homedirs  you ll have to be root or sudo    The ssh-add -l is very similar  but lists the fingerprints of keys added to your agent   OS nbsp X users take note that magic passwordless SSH via Keychain is not the same as using ssh-agent

User · Answer

ssh-add -l    will also work on Mac nbsp OS nbsp X nbsp v10 8  Mountain Lion  - v10 10  Yosemite    It also supports the option -E to specify the fingerprint format so in case MD5 is needed  it s often used  e g  by GitHub   just add -E md5 to the command

User · Answer

To check a remote SSH server prior to the first connection  you can give a look at www server-stats net ssh  to see all SHH keys for the server  as well as from when the key is known   That s not like an SSL certificate  but definitely a must-do before connecting to any SSH server for the first time

[github] Calculate RSA key fingerprint

Examples related to github

Examples related to ssh

Examples related to rsa

Examples related to ssh-keys