github ssh audit - how to check your fingerprints

github forget to tell you how to easily check your .ssh fingerprints. ssh-keygen -l -f id_dsa.pub is easiest.

See https://github.com/settings/ssh/audit

ssh-keygen -l -f ~/.ssh/id_*.pub

and compare the fingerprint to the ones listed at github.

For multiple .pubs:

for p in ~/.ssh/*.pub; do ssh-keygen -l -f $p; done

For the backstory see https://github.com/rails/rails/issues/5228 where @homakov was ignored and accused of trolling, until he decided to prove the vulnerability. Bad decision apparently.

https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation#comment-17266

Leave a comment

About Reini Urban

user-pic Working at cPanel on B::C (the perl-compiler), p2, types, parrot, B::Generate, cygwin perl and more guts (LLVM, jit, optimizations).