SSH Key Scanner
The SSH Key Scanner finds and analyzes SSH key files, identifying algorithms, key sizes, and potential security weaknesses like quantum-vulnerable or undersized keys.
What It Scans
SSH key files in configured directories — user home directories, system SSH directories, and any custom paths where SSH keys may reside.
Supported formats:
| Format | Description |
|---|---|
| OpenSSH | Modern OpenSSH format (ssh-rsa, ssh-ed25519, ecdsa-sha2-*) |
| PEM-encoded | RSA, ECDSA, Ed25519 private keys in PEM format |
| authorized_keys | Files containing multiple public keys |
How It Works
- Walks configured directories looking for SSH key files
- Identifies key files by name patterns (id_rsa, id_ed25519, etc.) and content signatures
- Parses each key to extract algorithm, key size, and comment/label
- Processes authorized_keys files to extract all contained public keys
- Correlates public/private key pairs by matching key fingerprints
Configuration
```yaml
scanners:
  ssh-keys:
    - paths:
        - /home/user/.ssh
        - /root/.ssh
        - /etc/ssh
```

| Parameter | Required | Default | Description |
|---|---|---|---|
| paths | Yes | — | List of directories to scan for SSH keys |
Assets Produced
| Asset Type | What’s Captured |
|---|---|
| private-key | Algorithm (RSA, ECDSA, Ed25519), key size, encrypted status, file path |
| public-key | Algorithm, key size, key comment/label, file path, authorized_keys source |
Deduplication
Keys are deduplicated using SHA-256 of the public key bytes. A private key and its corresponding public key share the same fingerprint, linking them as a pair.
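The parsing step under How It Works and the fingerprint deduplication above can be sketched as follows. This is an added example, not the scanner's own code: the function names are hypothetical, the fingerprint is assumed to be the hex SHA-256 of the SSH wire-format public key blob (matching the `sha256:` prefix in the example output), and the 2048-bit RSA threshold is an assumption.

```python
import base64, hashlib

MIN_RSA_BITS = 2048  # assumed threshold; the page only names RSA-1024 as weak
EC_BITS = {b"nistp256": 256, b"nistp384": 384, b"nistp521": 521}

def _fields(blob):
    """Split an SSH wire-format blob into its uint32-length-prefixed fields."""
    out, off = [], 0
    while off < len(blob):
        n = int.from_bytes(blob[off:off + 4], "big")
        if off + 4 + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return out

def inspect_line(line):
    """Return a record for one authorized_keys line, or None if it holds no key."""
    tok = line.split()
    for i in range(len(tok) - 1):  # options may precede the key type
        try:
            blob = base64.b64decode(tok[i + 1], validate=True)
            f = _fields(blob)
        except ValueError:
            continue
        if not f or f[0] != tok[i].encode():
            continue  # the blob must name the same algorithm as the text field
        if tok[i] == "ssh-rsa" and len(f) == 3:
            bits = int.from_bytes(f[2], "big").bit_length()  # modulus n
        elif tok[i] == "ssh-ed25519":
            bits = 256
        else:  # ECDSA carries its curve name; anything else is left unsized
            bits = EC_BITS.get(f[1]) if len(f) > 1 else None
        return {"algorithm": tok[i], "keySize": bits, "comment": " ".join(tok[i + 2:]),
                "fingerprint": "sha256:" + hashlib.sha256(blob).hexdigest(),
                "undersized": tok[i] == "ssh-rsa" and (bits or 0) < MIN_RSA_BITS}
    return None

def scan(text):  # one record per fingerprint; comment lines are skipped
    recs = (inspect_line(ln) for ln in text.splitlines() if not ln.lstrip().startswith("#"))
    return list({r["fingerprint"]: r for r in recs if r}.values())

def _line(alg, *parts, opts=""):  # builds a constructed (not real) key line
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in (alg.encode(), *parts))
    return f"{opts} {alg} {base64.b64encode(blob).decode()} sample@host".strip()
_RSA1024 = (b"\x01\x00\x01", b"\x00" + b"\xc3" * 128)  # e, 1024-bit n (filler)
SAMPLE = "\n".join(["# constructed authorized_keys content", _line("ssh-rsa", *_RSA1024),
    _line("ssh-rsa", *_RSA1024, opts='command="echo hi",no-pty'),
    _line("ssh-ed25519", b"\x11" * 32)])
```

`scan(SAMPLE)` returns two records: the 1024-bit RSA key, which appears twice in the input (once behind an options field) and is flagged as undersized, and the Ed25519 key.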
Use Cases
- Find all SSH keys across servers and user accounts
- Identify weak key sizes — RSA-1024 keys that should be rotated
- Detect quantum-vulnerable algorithms — RSA and ECDSA keys that need post-quantum migration planning
- Discover orphaned keys — authorized_keys entries for users who have left the organization
Example Output
```json
{
  "type": "private-key",
  "fingerprint": "sha256:d4e5f6a7b8c9...",
  "algorithm": "RSA",
  "keySize": 2048,
  "encrypted": true,
  "comment": "deploy@prod-server",
  "source": {
    "scanner": "ssh-keys",
    "filePath": "/home/deploy/.ssh/id_rsa",
    "lastModified": "2022-03-15T10:20:30Z",
    "permissions": "600"
  }
}

{
  "type": "public-key",
  "fingerprint": "sha256:d4e5f6a7b8c9...",
  "algorithm": "RSA",
  "keySize": 2048,
  "comment": "deploy@prod-server",
  "source": {
    "scanner": "ssh-keys",
    "filePath": "/home/deploy/.ssh/id_rsa.pub",
    "authorizedKeysFile": "/home/deploy/.ssh/authorized_keys"
  }
}
```