$ Linux One Liners
Back to lessons

Cybersecurity Triage

Summarize SSH Authorized Key Types

You need to count SSH key algorithms used in authorized_keys files.

Command

find home -path '*/.ssh/authorized_keys' -exec awk '{print $1}' {} + | sort | uniq -c | sort -nr

What changed

Nothing changes. The command reads authorized_keys files and counts the first field, which is the key type.

Danger

safe

When to use it

Use during SSH access reviews when you need to spot legacy key types before planning cleanup.

When not to use it

Do not delete RSA keys solely because they appear here; confirm policy, fingerprint, owner, and compatibility first.

Undo or recovery

No undo needed because this command is read-only.

Expected output

A count-sorted list of authorized SSH key types.

demo script

Disposable terminal steps

  1. find home -path '*/.ssh/authorized_keys' -exec awk '{print FILENAME, $1}' {} +
  2. find home -path '*/.ssh/authorized_keys' -exec awk '{print $1}' {} + | sort | uniq -c | sort -nr
Terminal transcript Demo JSON

simulated output

What it looks like

disposable vessel 
::fixture-ready::
$ find home -path '*/.ssh/authorized_keys' -exec awk '{print FILENAME, $1}' {} +
home/deploy/.ssh/authorized_keys ssh-ed25519
home/bob/.ssh/authorized_keys ssh-rsa
home/alice/.ssh/authorized_keys ssh-ed25519
home/alice/.ssh/authorized_keys ssh-rsa
::exit-code::0
$ find home -path '*/.ssh/authorized_keys' -exec awk '{print $1}' {} + | sort | uniq -c | sort -nr
      2 ssh-rsa
      2 ssh-ed25519
::exit-code::0

YouTube Short

Count SSH key types.

Count authorized key algorithms so old or unexpected key types stand out during access review.

LinkedIn hook

Key inventory gets more useful when old key types stand out.

Question: Do you summarize authorized SSH key types before planning key cleanup?

experiments

A/B tests to run

Metric: save_rate

A: Count key algorithms.

B: Spot legacy SSH keys.