SSH Public Key Length

July 8th, 2009

I was on a quest to find a way to test the length of SSH public keys to ensure they all meet our requirements. Because we have several users with keys, I needed to write a script to make things far quicker. After searching Google and the man pages, I found that a combination of `ssh-keygen` and `awk` fit the bill.

The contents of one `authorized_keys2` file with two public keys for two users look like this:

```
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4zink1RnYErVk2M6CWqJxmanplyvMyFKWOkECk50IeUUR5zV6zrZMznVOhRKEa69fwLGoDSRelipiuh+55ntaO0p3c2WrDYZamla5qCcmgvGh0YGm1MJpwG2W81JMV/QRNm58EELxTgFPwBrOgomld+MvkXwxrbFYPf2R48Og8GBDs6+yX4aqAwQiRvMmg3MJtfnj5Zn+AGeSPLAJTnMIfPzMjQU8PPWLOZIrZ2VvKhf0BEhuO4k3aWh+rYvdfMCU7ALubvL+Y1vsNIHwFJeqwb5qEtALEm5vWVmWnASVoF01fcWZHUotKSu1EzF+LfKqGT6O0Yxg9UdoMOFM7HZAQ== User1
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmkbQL+9pSzBOKLnFv/i1Ny3ws3to/Pgd0YvMwdUN0CRY4SDzr5sCgD31HpiJVdN9/UfLkX2EDY0fX44ll8UZpRFmdY7M5hlx3e67VUr9XvCYuS6Nt007skA8bzCY+MXar1cbyN+fpOYTfaGQZHQBs3hR+YZvR1Wi7tiAs5h1w7U= User2
```

Now we just need to use the `ssh-keygen` tool to get the key length in bits, and then use `awk` for pretty output:

```
$ tmp=$(mktemp); while read -r i; do echo "$i" > "$tmp"; echo "$i" | awk '{printf "%s: ", $3}' && ssh-keygen -l -f "$tmp" | awk '{print $1}'; done < ~/.ssh/authorized_keys2; rm -f "$tmp"
User1: 2048
User2: 1024
```

So, as you can see, User1 has a 2048-bit key and User2 has a 1024-bit key.
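An added example, not part of the original post: the same audit done by decoding each `ssh-rsa` key blob directly rather than calling `ssh-keygen`, which also copes with option prefixes and comment lines and flags keys below a minimum. The 2048-bit minimum, the function names and the sample lines (constructed, non-functional keys) are assumptions.

```python
import base64
import struct

def read_string(blob, offset):
    """Read one SSH wire-format field: 4-byte big-endian length, then the data."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def rsa_bits(b64_blob):
    """Return the modulus size in bits of a base64 ssh-rsa public key blob."""
    blob = base64.b64decode(b64_blob, validate=True)
    key_type, off = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("blob is not an ssh-rsa key")
    _exponent, off = read_string(blob, off)
    modulus, _ = read_string(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit(lines, min_bits=2048):  # 2048 is an assumed policy minimum
    """Return (comment, bits, ok) per ssh-rsa line; skips blanks, comments, other types."""
    results = []
    for line in lines:
        fields = line.split()
        if not fields or fields[0].startswith("#") or "ssh-rsa" not in fields[:-1]:
            continue
        idx = fields.index("ssh-rsa")  # options such as from="..." may come first
        comment = " ".join(fields[idx + 2:]) or "(no comment)"
        try:
            bits = rsa_bits(fields[idx + 1])
        except (ValueError, struct.error):
            bits = None  # unparseable blob: report it as failing the check
        results.append((comment, bits, bits is not None and bits >= min_bits))
    return results

def constructed_key(bits, comment):
    """Build a sample line with a constructed, non-functional modulus of `bits` bits."""
    n = (1 << (bits - 1)) | 1
    parts = [b"ssh-rsa", b"\x23", n.to_bytes(n.bit_length() // 8 + 1, "big")]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

SAMPLE = [constructed_key(2048, "User1"), "# constructed sample, not real keys",
          'from="10.0.0.5" ' + constructed_key(1024, "User2")]

for comment, bits, ok in audit(SAMPLE):
    print(f"{comment}: {bits} {'ok' if ok else 'BELOW MINIMUM'}")
```

To audit a real file, pass `open(path)` to `audit()` in place of `SAMPLE`.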
