How to check SSH key version locally
In general i'm searching for a method to show information about a private or public SSH key without contacting a server, like keylength, algorithm, ssh version and so on. Especially I like to know if some key is a sha1 or sha2.
For OpenSSH-format "one line" public keys:
- If it consists entirely of decimal numbers, it's a SSHv1 RSA public key. Throw it away.
- If it consists of a textual key type (e.g.
ssh-rsa
) followed by Base64-encoded data, it's a SSHv2 public key of the specified algorithm. Usessh-keygen -l -f <file>
to show the key's bit-size and fingerprint.
For PEM (OpenSSL) format private keys:
- It's practically always an SSHv2 key.
- If the header is "BEGIN PRIVATE KEY", it's a PKCS#8 format key and can be either RSA or ECDSA (see next point). If the header is "BEGIN RSA(/ECDSA) PRIVATE KEY", it's a "PEM" (PKCS#1) format key and the header indicates the type. It doesn't matter, it's still the same key.
- You can use either
ssh-keygen -l -f <file>
oropenssl pkey -in <file> -noout -text
to determine its algorithm and bit-size.
For OpenSSH format "BEGIN OPENSSH PRIVATE KEY" private keys:
- It's always an SSHv2 key.
- Again, use
ssh-keygen -l -f <file>
to show its size and algorithm.
The question "SHA1 or SHA2" does not quite apply to plain old SSH keys in the same way that it applies to X.509 certificates. Unlike X.509 certificates, where the hash algorithm is relevant because it's specified during CA signing, plain SSH keys do not contain any digests or signatures at all. (The only exception is OpenSSH "certificates", which are rare.)
That said, the key type does demand a specific hash algorithm during authentication (when the client or server signs a one-time challenge). When multiple algorithms are possible (as in the case of RSA keys), they're chosen during each authentication and are not baked into the key itself.
-
ssh-rsa
keys are used along with SHA1 by default, as specified in RFC4253 section 6.6. However, modern clients and servers additionally support the SHA2-based "rsa-sha2-256" and "rsa-sha2-512" signature mechanisms, which were added later in RFC8332.You can use the OpenSSH options PubkeyAcceptedKeyTypes or HostKeyAlgorithms to enforce SHA2 usage. (Note that the key type on file remains "ssh-rsa", only the handshake changes.)
-
ssh-dss
keys are used along with SHA1, as specified in RFC4253 and FIPS-186-2. There is no upgrade; instead the whole key format is considered obsolete (at least by OpenSSH). -
ecdsa-sha2-nistp###
keys are used along with SHA2-based algorithms as specified in RFC5656 section 6.2.1. -
ssh-ed25519
andssh-ed448
keys are used along with SHAKE256 (~SHA3) as specified in RFC8032 section 5.2.6 and draft-ietf-curdle-ssh-ed25519-ed448-08 section 5.
Finally there's the rare case of OpenSSH proprietary "SSH certificates". Whenever an OpenSSH certificate authority signs a key and turns it into a certificate, the same algorithm rules are used as listed above.
IIRC, you should be able to use ssh-keygen -L -f <file>
to see the contents of a certificate, including the hash algorithm that was used during signing.