generating a fingerprint for an SSH key

After recently discovering a security vulnerability that allows an attacker to add an SSH key to a GitHub user account, GitHub is requiring all users to audit their SSH keys. Its audit page lists one’s keys by type and fingerprint, but it doesn’t say how it generated the fingerprint or how to generate one for your local copy of a key to compare it with. Nor does it let you see the whole key.

And since I don’t generate such fingerprints very often, I didn’t know how to do it. So I tried cksum, md5, and shasum on my Mac, but none of their checksums matched. Turns out the tool to use is ssh-keygen:

    ssh-keygen -l -f path/to/keyfile
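The file checksums do not match because `cksum`, `md5` and `shasum` hash the text of the key file, while `ssh-keygen -l` hashes the base64-decoded key blob in the file's second field. The sketch below is an added example, not code from the original post: it computes both the legacy MD5 form (`ssh-keygen -l -E md5`) and the SHA256 form that current OpenSSH prints by default. The sample key is constructed, not a real key, and the function names are illustrative.

```python
import base64
import hashlib

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length + data."""
    return len(data).to_bytes(4, "big") + data

def make_sample_pubkey_line(comment: str = "user@example") -> str:
    """Build a CONSTRUCTED ssh-ed25519 public key line (not a real key)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}\n"

def key_blob(pubkey_line: str) -> bytes:
    """Return the decoded key blob from a 'type base64 [comment]' line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with its own type string; it must match field one.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    return blob

def fingerprint_md5(pubkey_line: str) -> str:
    """Legacy colon-separated hex form (ssh-keygen adds an 'MD5:' prefix)."""
    digest = hashlib.md5(key_blob(pubkey_line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def fingerprint_sha256(pubkey_line: str) -> str:
    """Current default form: 'SHA256:' + unpadded base64 of the digest."""
    digest = hashlib.sha256(key_blob(pubkey_line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def file_md5(pubkey_line: str) -> str:
    """What 'md5 keyfile' hashes: the text of the file, comment included."""
    return hashlib.md5(pubkey_line.encode()).hexdigest()

if __name__ == "__main__":
    line = make_sample_pubkey_line()
    print("fingerprint (md5):   ", fingerprint_md5(line))
    print("fingerprint (sha256):", fingerprint_sha256(line))
    print("md5 of file text:    ", file_md5(line), "(does not match)")
```

Because only the key blob is hashed, changing the comment at the end of the line changes the file checksum but leaves the fingerprint the same.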

 

Myk Melez


2 thoughts on “generating a fingerprint for an SSH key”

  1. Hmm, I didn't see that when I first went to the page. I wonder if they added it after I complained to them about it this morning. 🙂
