orphaned public key

So, I thought I'd contribute to moose.

A week ago I joined #moose and nopasted a public key. Cats and kids jumped all over me and I didn't follow through. In the end, I think that nobody acted on that. Today I thought I'd get back to that while the kids were out of the house. I still had the nopaste tab open, so pasted the URL and mst added my key.

hmmm... but I still couldn't clone the rw repo. Sigh. I turns out that the public key was an orphan. From the comment in the public key, I'd believed that it was the one I was using to access github. However, they'd had that security kerfufle a while back and asked everyone to re-verify their public keys. I'd taken that opportunity to simplify a bit and just down my public key list at github to one key. ...and it wasn't the key that I'd sent mst. In fact, after much digging, I believe that I do not actually have a private key to go with that public key.

I also found another public key which appears to be an orphan. I've tidied up a bit now and hope never to be in this situation again. Just in case (or in case anyone else ends up there), here's some bits of info...

github does not show you the public keys you have with them. Instead, it will show you fingerprints:


You can view the finger prints of your public keys to see which (if any!) match:

for i in ~/.ssh/*.pub; do ssh-keygen -l -f "$i"; done

If none match, but you are still able to access github, then you may have misplaced your public key since uploading it to github. Presumably you still have the private key or you would not be able to access github.

ssh-keygen -y -f ./name_of_private_key_file > name_of_private_key_file.pub

at that point, you can redo the finger print bit and see which public key github is really using.

Leave a comment

About wickline

user-pic hmmm