Cybersecurity Triage
Read-only, sensitive outputCount authorized_keys by User
You need to find which home directories have authorized_keys files and how many active key lines each contains.
Command
find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -exec sh -c 'for f do user=$(basename "$(dirname "$(dirname "$f")")"); keys=$(grep -vc "^[[:space:]]*#" "$f"); printf "%s %s %s\n" "$user" "$keys" "$f"; done' sh {} + | sortBefore you run this
System impact: Read-only. Output may expose users, paths, tokens, keys, IPs, process arguments, or log details.
When not to use it: Do not remove keys just because they exist; confirm owner, source system, and current dependency first.
Expected output
Usernames, active key counts, and authorized_keys file paths.
System impact
Read-only, sensitive output. Nothing changes. The command reads fixture-local authorized_keys files and counts non-comment lines.
Recovery / rollback: no state is changed.
When to use it
Use during SSH access inventory, offboarding, or server handoff when keys may outlive account ownership.
When not to use it
Do not remove keys just because they exist; confirm owner, source system, and current dependency first.
Explanation-only example
Illustrated output, not a live lab run
This example is intentionally illustrative. It shows the command shape without killing real processes or changing your machine.
$ find sample-files/user-access-audit/users -path '*/ssh-keys/authorized_keys' -print | sort
sample-files/user-access-audit/users/alex/ssh-keys/authorized_keys
sample-files/user-access-audit/users/breakglass/ssh-keys/authorized_keys
sample-files/user-access-audit/users/deploy/ssh-keys/authorized_keys
sample-files/user-access-audit/users/reports/ssh-keys/authorized_keys$ find sample-files/user-access-audit/users -path '*/ssh-keys/authorized_keys' -exec sh -c 'for f do user=$(basename "$(dirname "$(dirname "$f")")"); keys=$(grep -vc "^[[:space:]]*#" "$f"); printf "%s %s %s\n" "$user" "$keys" "$f"; done' sh {} + | sort
alex 2 sample-files/user-access-audit/users/alex/ssh-keys/authorized_keys
breakglass 1 sample-files/user-access-audit/users/breakglass/ssh-keys/authorized_keys
deploy 1 sample-files/user-access-audit/users/deploy/ssh-keys/authorized_keys
reports 1 sample-files/user-access-audit/users/reports/ssh-keys/authorized_keysView commands shown
These are the commands shown in the sanitized transcript.
Commands shown
find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -print | sortfind fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -exec sh -c 'for f do user=$(basename "$(dirname "$(dirname "$f")")"); keys=$(grep -vc "^[[:space:]]*#" "$f"); printf "%s %s %s\n" "$user" "$keys" "$f"; done' sh {} + | sort
next steps
Related commands
Find SSH Key Users with sudo
The highest-priority access review starts where SSH keys and sudo overlap.
comm -12 <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort) <(awk -F: '$1=="sudo" {gsub(",","\n",$4); print $4}' fixtures/user-access-audit/etc/group | sort)
Find SSH Keys for nologin Users
A nologin shell does not automatically mean SSH keys are irrelevant.
comm -12 <(awk -F: '$7 !~ /(bash|sh|zsh)$/ {print $1}' fixtures/user-access-audit/etc/passwd | sort) <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort)
Summarize SSH Authorized Key Types
Key inventory gets more useful when old key types stand out.
find home -path '*/.ssh/authorized_keys' -exec awk '{print $1}' {} + | sort | uniq -c | sort -nr
List authorized_keys Files
Authorized keys are the server's practical access list.
find home -path '*/.ssh/authorized_keys' -printf '%m %p\n'
Inventory SSH authorized_keys
authorized_keys files are the practical list of who can use key-based SSH.
find home -path '*/.ssh/authorized_keys' -exec awk '{print FILENAME, $1, $NF}' {} +
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.