Cybersecurity Triage

Inventory SSH authorized_keys

You need to list authorized key files and identify the key type plus comment for each entry.

Command

find home -path '*/.ssh/authorized_keys' -exec awk '{print FILENAME, $1, $NF}' {} +

What changed

Nothing changes. The command reads authorized_keys files and prints the source file, key type, and trailing comment.

Danger

safe

When to use it

Use during SSH access inventory, account handoff, or before removing a user's key-based access.

When not to use it

Do not delete keys from this output alone; confirm the comment, owner, fingerprint, and current dependency first.

Undo or recovery

No undo needed because this command is read-only.

Expected output

Each authorized_keys entry with its file path, key type, and comment.

demo script

Disposable terminal steps

find home -path '*/.ssh/authorized_keys' -printf '%m %p\n' | sort
find home -path '*/.ssh/authorized_keys' -exec awk '{print FILENAME, $1, $NF}' {} +

Terminal transcript Demo JSON

simulated output

What it looks like

disposable vessel

::fixture-ready::
$ find home -path '*/.ssh/authorized_keys' -printf '%m %p\n' | sort
600 home/alice/.ssh/authorized_keys
600 home/deploy/.ssh/authorized_keys
644 home/bob/.ssh/authorized_keys
::exit-code::0
$ find home -path '*/.ssh/authorized_keys' -exec awk '{print FILENAME, $1, $NF}' {} +
home/deploy/.ssh/authorized_keys ssh-ed25519 deploy-ci-2026
home/bob/.ssh/authorized_keys ssh-rsa bob-old-laptop
home/alice/.ssh/authorized_keys ssh-ed25519 alice-laptop-2026
home/alice/.ssh/authorized_keys ssh-rsa breakglass-ticket-4821
::exit-code::0

YouTube Short

Inventory authorized keys.

List authorized keys by file, key type, and comment so SSH access has an auditable starting point.

experiments

A/B tests to run

Metric: save_rate

A: Inventory practical SSH access.

B: Find key comments before removal.