How to check SSH key version locally

ssh sha1 sha-2

In general i'm searching for a method to show information about a private or public SSH key without contacting a server, like keylength, algorithm, ssh version and so on. Especially I like to know if some key is a sha1 or sha2.


For OpenSSH-format "one line" public keys:

  • If it consists entirely of decimal numbers, it's a SSHv1 RSA public key. Throw it away.
  • If it consists of a textual key type (e.g. ssh-rsa) followed by Base64-encoded data, it's a SSHv2 public key of the specified algorithm. Use ssh-keygen -l -f <file> to show the key's bit-size and fingerprint.

For PEM (OpenSSL) format private keys:

  • It's practically always an SSHv2 key.
  • If the header is "BEGIN PRIVATE KEY", it's a PKCS#8 format key and can be either RSA or ECDSA (see next point). If the header is "BEGIN RSA(/ECDSA) PRIVATE KEY", it's a "PEM" (PKCS#1) format key and the header indicates the type. It doesn't matter, it's still the same key.
  • You can use either ssh-keygen -l -f <file> or openssl pkey -in <file> -noout -text to determine its algorithm and bit-size.

For OpenSSH format "BEGIN OPENSSH PRIVATE KEY" private keys:

  • It's always an SSHv2 key.
  • Again, use ssh-keygen -l -f <file> to show its size and algorithm.

The question "SHA1 or SHA2" does not quite apply to plain old SSH keys in the same way that it applies to X.509 certificates. Unlike X.509 certificates, where the hash algorithm is relevant because it's specified during CA signing, plain SSH keys do not contain any digests or signatures at all. (The only exception is OpenSSH "certificates", which are rare.)

That said, the key type does demand a specific hash algorithm during authentication (when the client or server signs a one-time challenge). When multiple algorithms are possible (as in the case of RSA keys), they're chosen during each authentication and are not baked into the key itself.

  • ssh-rsa keys are used along with SHA1 by default, as specified in RFC4253 section 6.6. However, modern clients and servers additionally support the SHA2-based "rsa-sha2-256" and "rsa-sha2-512" signature mechanisms, which were added later in RFC8332.

    You can use the OpenSSH options PubkeyAcceptedKeyTypes or HostKeyAlgorithms to enforce SHA2 usage. (Note that the key type on file remains "ssh-rsa", only the handshake changes.)

  • ssh-dss keys are used along with SHA1, as specified in RFC4253 and FIPS-186-2. There is no upgrade; instead the whole key format is considered obsolete (at least by OpenSSH).

  • ecdsa-sha2-nistp### keys are used along with SHA2-based algorithms as specified in RFC5656 section 6.2.1.

  • ssh-ed25519 and ssh-ed448 keys are used along with SHAKE256 (~SHA3) as specified in RFC8032 section 5.2.6 and draft-ietf-curdle-ssh-ed25519-ed448-08 section 5.

Finally there's the rare case of OpenSSH proprietary "SSH certificates". Whenever an OpenSSH certificate authority signs a key and turns it into a certificate, the same algorithm rules are used as listed above.

IIRC, you should be able to use ssh-keygen -L -f <file> to see the contents of a certificate, including the hash algorithm that was used during signing.

Related

How to Transfer Audio Output from Mac OS X to Ubuntu via a Network?
What do you do when you print job won't cancel?
GNU BC: "modulo" % with scale other than 0
What is locationd and why is my 3rd party firewall intercepting it in Snow Leopard at intervals?
How do I prevent GDM from running at boot on Ubuntu?
How do I get Vim home directory?
Xorg: How can I map AltGr to the CapsLock Key (to toggle 3rd level symbols)
Move by word in bash
how do I copy/paste in vim ex mode
How do I change character encoding of a text file in OpenOffice.org writer?
Why is multi thread downloading faster than single thread?
make rsync wait for a confirmation before actually changing files