    List OpenSSH key fingerprints of all private keys found under ~/.ssh/
  
        
  
    
    
  
  
    
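#!/usr/bin/env sh
# Author: Markus H (MawKKe) [email protected]
#
# Prints the OpenSSH fingerprint of every private key found under ~/.ssh/.

# Abort on unhandled command failures (-e) and on use of unset variables (-u).
set -eu

# Script name as invoked, used in the usage text. Parameter expansion replaces
# the unquoted $(basename ${0}) call, which word-splits a path with spaces.
PNAME="${0##*/}"

# OpenSSH default checksum type as of 2021-07
E=sha256

# The ~/.ssh directory may contain many files; we want to process only SSH
# private keys. Only files that contain this sequence of words (delimited by
# whitespace) are assumed to be private keys.
#
# The pattern is handed to 'grep -E'. POSIX extended regular expressions do
# not define '\s' (it is an extension), so the portable [[:space:]] class is
# used; with a grep that lacks '\s' the scan may fail to match any key file.
#
# NOTE: only the "OPENSSH PRIVATE KEY" header is matched. Keys stored under a
# different PEM header (for example "BEGIN RSA PRIVATE KEY") are not listed,
# so the output is not a complete inventory of the key material in ~/.ssh.
PRIVKEYTAG="BEGIN[[:space:]]+OPENSSH[[:space:]]+PRIVATE[[:space:]]+KEY"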
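# Print the help text.
# Globals:   PNAME (read), E (read), PRIVKEYTAG (read)
# Arguments: none
# Outputs:   ten lines of help text on stdout
usage() {
  # A here-document replaces the echo calls: the text embeds PRIVKEYTAG, which
  # may contain backslashes, and POSIX leaves echo's treatment of backslashes
  # implementation-defined.
  cat <<EOF
Prints OpenSSH key fingerprints for all private keys found in ~/.ssh and any of its subdirectories

(Note: This script assumes private key files contain substring '${PRIVKEYTAG}')

Usage:
 ${PNAME} -h # Print this help
 ${PNAME} -E (sha256|md5) # Print fingerprints; use given checksum format
 ${PNAME} # Equivalent to '${PNAME} -E ${E}'

HINT: The old hexadecimal fingerprints can be shown with '${PNAME} -E md5'
EOF
}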
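# Succeed only when $1 is exactly one of the hash names accepted by -E.
# A case match replaces the unquoted '[ ... -a ... ]' test: an empty or
# multi-word value turned that test into a malformed expression, and the
# surrounding 'if' then took the branch that accepted the value.
# 'md5' is kept so output can be compared with the old hexadecimal
# fingerprints; MD5 is not collision resistant, so prefer sha256 when a
# fingerprint is used to verify a key.
# Arguments: $1 - candidate hash name
# Returns:   0 if supported, 1 otherwise
is_supported_hash() {
  case "${1}" in
    md5 | sha256) return 0 ;;
    *) return 1 ;;
  esac
}

# Parse command-line switches. The leading ':' in the option string selects
# getopts' silent mode, so a missing argument and an unknown switch are
# reported by the ':' and '?' branches below. Diagnostics go to stderr so they
# cannot be mistaken for fingerprint output.
while getopts ":hE:" arg; do
  case "${arg}" in
    h)
      usage
      exit 0
      ;;
    E)
      if ! is_supported_hash "${OPTARG}"; then
        printf '%s\n' "ERROR: Invalid/unknown hash function name passed to -E" >&2
        exit 1
      fi
      E="${OPTARG}"
      ;;
    :)
      printf '%s\n' "The switch -${OPTARG} requires an argument" >&2
      exit 1
      ;;
    \?)
      printf '%s\n' "Invalid option: -${OPTARG}" >&2
      exit 2
      ;;
  esac
done

# Drop the switches getopts consumed; shell arithmetic replaces expr.
shift $((OPTIND - 1))

# Positional arguments are not used; say so instead of dropping them silently.
if [ "${#}" -gt 0 ]; then
  printf '%s\n' "WARNING: Ignoring trailing argument(s) '${*}'" >&2
fi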
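# List every regular file under ~/.ssh/ whose content matches PRIVKEYTAG
# (grep -l prints only the file names, -i ignores case), then print one line
# per key: the ssh-keygen -l output followed by the path of the key file.
#
# File names are read line by line instead of being expanded from an unquoted
# $(find ...), so a path containing spaces or glob characters stays intact.
# A file that ssh-keygen cannot fingerprint is reported on stderr and skipped,
# rather than producing an output line that holds only the file name.
find ~/.ssh/ -type f -exec grep -ilE "${PRIVKEYTAG}" {} + |
  while IFS= read -r f; do
    if fp="$(ssh-keygen -l -E "${E}" -f "${f}")"; then
      printf '%s %s\n' "${fp}" "${f}"
    else
      printf 'WARNING: could not fingerprint %s\n' "${f}" >&2
    fi
  done | sort -k 3 -r # reverse sort, keyed from the third field (the comment)

# Example output:
# $ ssh-key-fingerprints -E md5 | column -t
# 4096 MD5:8d:40:4f:54:aa:df:1a:28:3b:3e:5a:2e:73:94:8e:ae user@hostname (RSA) /home/user/.ssh/id_rsa_bar
# 256 MD5:76:41:1e:75:de:5b:11:67:34:df:c2:33:6e:12:b5:43 user@hostname (ED25519) /home/user/.ssh/id_ed25519_foo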
  