$ Linux One Liners
Back to lessons

Cybersecurity Triage

Risk: safe

Find Loose authorized_keys Modes

You need to find authorized_keys files with permissions broader than 600.

Command

find home -path '*/.ssh/authorized_keys' -printf '%m %p\n' | awk '$1 > 600'

Before you run this

Risk: safe. Do not chmod files blindly from this list; confirm ownership, platform expectations, and deployment tooling first.

Expected output

Mode and path for authorized_keys files with permissions broader than 600.

System impact

Nothing changes. The command lists authorized_keys modes and filters files whose numeric mode is greater than 600.

Recovery / rollback: no state is changed.

When to use it

Use during SSH access audits or after provisioning user keys to spot loose access-file permissions.

When not to use it

Do not chmod files blindly from this list; confirm ownership, platform expectations, and deployment tooling first.

Watch this command run

Example output from a temporary Linux lab

This example uses disposable sample files and sanitized output so you can inspect the shape of the result before touching a real system.

demo@lab:~$

$ find home -path '*/ssh-keys/authorized_keys' -printf '%m %p\n' | sort

600 home/alice/ssh-keys/authorized_keys
600 home/deploy/ssh-keys/authorized_keys
644 home/bob/ssh-keys/authorized_keys

$ find home -path '*/ssh-keys/authorized_keys' -printf '%m %p\n' | awk '$1 > 600'

644 home/bob/ssh-keys/authorized_keys
View reproducible demo details

This page shows the sanitized shell transcript and the setup steps needed to reproduce the example.

Lab setup steps

  1. find home -path '*/.ssh/authorized_keys' -printf '%m %p\n' | sort
  2. find home -path '*/.ssh/authorized_keys' -printf '%m %p\n' | awk '$1 > 600'

next steps

Related commands

Cybersecurity Triage Risk: safe

Find SSH Key Users with sudo

The highest-priority access review starts where SSH keys and sudo overlap.

comm -12 <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort) <(awk -F: '$1=="sudo" {gsub(",","\n",$4); print $4}' fixtures/user-access-audit/etc/group | sort)
Cybersecurity Triage Risk: safe

Find SSH Keys for nologin Users

A nologin shell does not automatically mean SSH keys are irrelevant.

comm -12 <(awk -F: '$7 !~ /(bash|sh|zsh)$/ {print $1}' fixtures/user-access-audit/etc/passwd | sort) <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort)
Cybersecurity Triage Risk: safe

Find Loose Private Key Permissions

SSH private keys should not be readable like ordinary files.

find home -type f -name 'id_*' -printf '%m %p\n' | awk '$1 > 600'
Cybersecurity Triage Risk: safe

Count authorized_keys by User

authorized_keys is the practical SSH access list.

find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -exec sh -c 'for f do user=$(basename "$(dirname "$(dirname "$f")")"); keys=$(grep -vc "^[[:space:]]*#" "$f"); printf "%s %s %s\n" "$user" "$keys" "$f"; done' sh {} + | sort
Cybersecurity Triage Risk: safe

List authorized_keys Files

Authorized keys are the server's practical access list.

find home -path '*/.ssh/authorized_keys' -printf '%m %p\n'
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:103-gnu-unix-commands
  • lpic1:104-filesystems-permissions-fhs
  • lpic1:107-admin-tasks
  • lpic1:110-security
  • lfcs:essential-commands
  • lfcs:security-hygiene
  • lfcs:storage
  • lfcs:users-groups
  • linuxplus:automation-scripting
  • linuxplus:provisional
  • linuxplus:security
  • linuxplus:system-management
  • risk:read-only
  • risk:security-sensitive

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.