3

I'd like to audit the authorized_keys file on a number of servers and match them with known AWS key fingerprints.

Is there a one-liner which incorporates ssh-keygen -lf which will output the fingerprint of every key in an authorized_keys file in a nice list with line breaks?

2 Answers

5

From serverfault:

You can easily make it a function in your .bashrc:

    function fingerprints() {
      local file="$1"
      # Skip blank lines and lines starting with '#'; fingerprint each remaining line
      while read -r l; do
        [[ -n $l && ${l###} = "$l" ]] && ssh-keygen -l -f /dev/stdin <<<"$l"
      done < "$file"
    }

and then do:

$ fingerprints .ssh/authorized_keys 
2

Here you go:

 find /path/to/keys/directory -type f -name "*.pub" -exec ssh-keygen -lf {} \; | awk '{print $2}' 

Edit: Whoops, ok. Get it now.

Here you go:

 while read line; do ssh-keygen -lf "$line"; done < <(cat authorised_keys_file) 

(if this file has one key per line)

5
  • thanks. I want to operate on the authorised_keys file, though, not individual .pub files Commented Apr 17, 2014 at 10:54
  • Ok, check if edited answer is the one liner you have been looking for. Commented Apr 17, 2014 at 11:04
  • thanks. please format your answer with any code, commands etc using the '{}' icon in the text editor Commented Apr 17, 2014 at 11:21
  • That doesn't work, -f expects a file name (and that file has to be a regular file as ssh-keygen opens and reads the file several times) Commented Apr 17, 2014 at 13:22
  • Use instead: while read line; do echo "$line" > key.pub; ssh-keygen -lf key.pub ; rm key.pub; done < <(cat authorised_keys) Commented Apr 17, 2014 at 13:44
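For the audit described in the question, the following is an added example (not code from any of the answers above) that computes the fingerprints directly from the key blobs, so it does not depend on how a given ssh-keygen version reads its input, and tags each key against a list of known fingerprints. It assumes the known fingerprints are in ssh-keygen's `SHA256:` or `MD5:` format; the `audit`, `parse_line`, `sample_key`, `SAMPLE` and `KNOWN` names and the sample keys are constructed for illustration.

```python
import base64, hashlib, struct

def fingerprints(blob):
    """(SHA256, MD5) fingerprints of a key blob, formatted like current ssh-keygen -l output."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return "SHA256:" + sha, "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))

def parse_line(line):
    """Return (keytype, blob, comment), or None for blank, comment or malformed lines."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    # Options (command="...", from="...") may precede the key: accept the first
    # "type base64" pair whose decoded blob names the same key type internally.
    for i in range(len(tokens) - 1):
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except ValueError:
            continue
        if len(blob) >= 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == tokens[i].encode():
                return tokens[i], blob, " ".join(tokens[i + 2:])
    return None

def audit(text, known):
    """Rows of (line number, key type, SHA256 fingerprint, comment, owner or None)."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed:
            keytype, blob, comment = parsed
            sha, md5 = fingerprints(blob)
            rows.append((lineno, keytype, sha, comment, known.get(sha) or known.get(md5)))
    return rows

def sample_key(seed):  # constructed data: a well-formed ssh-ed25519 blob, not a real key
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

SAMPLE = "\n".join([
    "# constructed authorized_keys content",
    sample_key(1) + " deploy@build",
    "",
    'command="/usr/bin/backup ssh-rsa",no-pty ' + sample_key(2) + " backup job",
])
KNOWN = {fingerprints(base64.b64decode(sample_key(1).split()[1]))[0]: "deploy-keypair"}

if __name__ == "__main__":
    for row in audit(SAMPLE, KNOWN):
        print(*row, sep="\t")
```

Rows whose last field is `None` are keys that match nothing in the known list and are the ones to investigate.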
