$ Linux One Liners
Back to lessons

Cybersecurity Triage

Find Loose Private Key Permissions

You need to find private-key-looking files with modes broader than 600.

Command

find home -type f -name 'id_*' -printf '%m %p\n' | awk '$1 > 600'

What changed

Nothing changes. The command prints key-looking files whose numeric mode is greater than 600.

Danger

safe

When to use it

Use during server access audits or after provisioning SSH credentials.

When not to use it

Do not assume every id_* file is a real private key; inspect carefully before changing or deleting.

Undo or recovery

No undo needed because this command is read-only.

Expected output

Mode and path for private-key-looking files with loose permissions.

demo script

Disposable terminal steps

  1. find home -type f -path '*/.ssh/*' -printf '%m %p\n' | sort
  2. find home -type f -name 'id_*' -printf '%m %p\n' | awk '$1 > 600'
Terminal transcript Demo JSON

simulated output

What it looks like

disposable vessel 
::fixture-ready::
$ find home -type f -path '*/.ssh/*' -printf '%m %p\n' | sort
600 home/alex/.ssh/authorized_keys
600 home/deploy/.ssh/authorized_keys
644 home/deploy/.ssh/id_rsa
::exit-code::0
$ find home -type f -name 'id_*' -printf '%m %p\n' | awk '$1 > 600'
644 home/deploy/.ssh/id_rsa
::exit-code::0

YouTube Short

Find loose SSH keys.

List id underscore files and flag modes broader than 600 so risky private key permissions stand out.

LinkedIn hook

SSH private keys should not be readable like ordinary files.

Question: Do you audit SSH key file modes during VPS access reviews?

experiments

A/B tests to run

Metric: completion_rate

A: Loose private key modes.

B: Audit SSH key permissions.