Cybersecurity Triage
Read-only, sensitive outputSummarize SSH Authorized Key Types
You need to count SSH key algorithms used in authorized_keys files.
Command
find home -path '*/.ssh/authorized_keys' -exec awk '{print $1}' {} + | sort | uniq -c | sort -nrBefore you run this
System impact: Read-only. Output may expose users, paths, tokens, keys, IPs, process arguments, or log details.
When not to use it: Do not delete RSA keys solely because they appear here; confirm policy, fingerprint, owner, and compatibility first.
Expected output
A count-sorted list of authorized SSH key types.
System impact
Read-only, sensitive output. Nothing changes. The command reads authorized_keys files and counts the first field, which is the key type.
Recovery / rollback: no state is changed.
When to use it
Use during SSH access reviews when you need to spot legacy key types before planning cleanup.
When not to use it
Do not delete RSA keys solely because they appear here; confirm policy, fingerprint, owner, and compatibility first.
Watch this command run
Command transcript
This sanitized transcript shows the commands and output shape without exposing host details.
$ find home -path '*/ssh-keys/authorized_keys' -exec awk '{print FILENAME, $1}' {} +
home/deploy/ssh-keys/authorized_keys ssh-ed25519
home/bob/ssh-keys/authorized_keys ssh-rsa
home/alice/ssh-keys/authorized_keys ssh-ed25519
home/alice/ssh-keys/authorized_keys ssh-rsa$ find home -path '*/ssh-keys/authorized_keys' -exec awk '{print $1}' {} + | sort | uniq -c | sort -nr
2 ssh-rsa
2 ssh-ed25519View commands shown
These are the commands shown in the sanitized transcript.
Commands shown
find home -path '*/.ssh/authorized_keys' -exec awk '{print FILENAME, $1}' {} +find home -path '*/.ssh/authorized_keys' -exec awk '{print $1}' {} + | sort | uniq -c | sort -nr
next steps
Related commands
Inventory SSH authorized_keys
authorized_keys files are the practical list of who can use key-based SSH.
find home -path '*/.ssh/authorized_keys' -exec awk '{print FILENAME, $1, $NF}' {} +
Find SSH Key Users with sudo
The highest-priority access review starts where SSH keys and sudo overlap.
comm -12 <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort) <(awk -F: '$1=="sudo" {gsub(",","\n",$4); print $4}' fixtures/user-access-audit/etc/group | sort)
Find SSH Keys for nologin Users
A nologin shell does not automatically mean SSH keys are irrelevant.
comm -12 <(awk -F: '$7 !~ /(bash|sh|zsh)$/ {print $1}' fixtures/user-access-audit/etc/passwd | sort) <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort)
Count authorized_keys by User
authorized_keys is the practical SSH access list.
find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -exec sh -c 'for f do user=$(basename "$(dirname "$(dirname "$f")")"); keys=$(grep -vc "^[[:space:]]*#" "$f"); printf "%s %s %s\n" "$user" "$keys" "$f"; done' sh {} + | sort
Find Loose authorized_keys Modes
SSH key access files should not be looser than intended.
find home -path '*/.ssh/authorized_keys' -printf '%m %p\n' | awk '$1 > 600'
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.