github ssh audit - how to check your fingerprints

By Reini Urban on

github forget to tell you how to easily check your .ssh fingerprints. ssh-keygen -l -f id_dsa.pub is easiest.

See https://github.com/settings/ssh/audit

ssh-keygen -l -f ~/.ssh/id_*.pub

and compare the fingerprint to the ones listed at github.

For multiple .pubs:

for p in ~/.ssh/*.pub; do ssh-keygen -l -f $p; done

For the backstory see https://github.com/rails/rails/issues/5228 where @homakov was ignored and accused of trolling, until he decided to prove the vulnerability. Bad decision apparently.

https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation#comment-17266

About Reini Urban

user-pic Working at cPanel on cperl, B::C (the perl-compiler), parrot, B::Generate, cygwin perl and more guts, keeping the system alive.

More info »