After recently discovering a security vulnerability that allows an attacker to add an SSH key to a GitHub user account, GitHub is requiring all users to audit their SSH keys. Its audit page lists one’s keys by type and fingerprint, but it doesn’t say how it generated the fingerprint or how to generate one for your local copy of a key to compare it with. Nor does it let you see the whole key.
And since I don’t generate such fingerprints very often, I didn’t know how to do it. So I tried cksum, md5, and shasum on my Mac, but none of their checksums matched. Turns out the tool to use is ssh-keygen:
ssh-keygen -l -f path/to/keyfile