Cybersecurity Triage
Risk: safeSummarize SSH Authorized Key Types
You need to count SSH key algorithms used in authorized_keys files.
Command
find home -path '*/.ssh/authorized_keys' -exec awk '{print $1}' {} + | sort | uniq -c | sort -nrBefore you run this
Risk: safe. Do not delete RSA keys solely because they appear here; confirm policy, fingerprint, owner, and compatibility first.
Expected output
A count-sorted list of authorized SSH key types.
System impact
Nothing changes. The command reads authorized_keys files and counts the first field, which is the key type.
Recovery / rollback: no state is changed.
When to use it
Use during SSH access reviews when you need to spot legacy key types before planning cleanup.
When not to use it
Do not delete RSA keys solely because they appear here; confirm policy, fingerprint, owner, and compatibility first.
Watch this command run
Example output from a temporary Linux lab
This example uses disposable sample files and sanitized output so you can inspect the shape of the result before touching a real system.
$ find home -path '*/ssh-keys/authorized_keys' -exec awk '{print FILENAME, $1}' {} +
home/deploy/ssh-keys/authorized_keys ssh-ed25519
home/bob/ssh-keys/authorized_keys ssh-rsa
home/alice/ssh-keys/authorized_keys ssh-ed25519
home/alice/ssh-keys/authorized_keys ssh-rsa$ find home -path '*/ssh-keys/authorized_keys' -exec awk '{print $1}' {} + | sort | uniq -c | sort -nr
2 ssh-rsa
2 ssh-ed25519View reproducible demo details
This page shows the sanitized shell transcript and the setup steps needed to reproduce the example.
Lab setup steps
find home -path '*/.ssh/authorized_keys' -exec awk '{print FILENAME, $1}' {} +find home -path '*/.ssh/authorized_keys' -exec awk '{print $1}' {} + | sort | uniq -c | sort -nr
next steps
Related commands
Inventory SSH authorized_keys
authorized_keys files are the practical list of who can use key-based SSH.
find home -path '*/.ssh/authorized_keys' -exec awk '{print FILENAME, $1, $NF}' {} +
Find SSH Key Users with sudo
The highest-priority access review starts where SSH keys and sudo overlap.
comm -12 <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort) <(awk -F: '$1=="sudo" {gsub(",","\n",$4); print $4}' fixtures/user-access-audit/etc/group | sort)
Find SSH Keys for nologin Users
A nologin shell does not automatically mean SSH keys are irrelevant.
comm -12 <(awk -F: '$7 !~ /(bash|sh|zsh)$/ {print $1}' fixtures/user-access-audit/etc/passwd | sort) <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort)
Count authorized_keys by User
authorized_keys is the practical SSH access list.
find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -exec sh -c 'for f do user=$(basename "$(dirname "$(dirname "$f")")"); keys=$(grep -vc "^[[:space:]]*#" "$f"); printf "%s %s %s\n" "$user" "$keys" "$f"; done' sh {} + | sort
Find Loose authorized_keys Modes
SSH key access files should not be looser than intended.
find home -path '*/.ssh/authorized_keys' -printf '%m %p\n' | awk '$1 > 600'
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.