How can I review my SSH key for github?

Question

I recently got an e-mail from Github saying that I should review my SSH key:

Please review your keys and ensure you recognize them. If you have any doubts whatsoever, reject the keys and upload new keys.

How do I review my keys with git on ubuntu 11.10?

score 20 · Accepted Answer · edited Jun 20 '20 at 09:12

20

You can follow the GitHub guide "Reviewing your SSH keys"

To verify your SSH keys you need to find the fingerprint of each key on your computer and compare it to the fingerprint displayed on GitHub.

What’s a Fingerprint?

An SSH key’s fingerprint is a sequence of bytes unique to that key.
Fingerprints are usually encoded into hexadecimal strings and formatted into groups of characters for readability.

We display SSH key fingerprints on GitHub along with the key’s title:

key fingerprint

From there, for Ubuntu, you can refer to "How do I find my RSA key fingerprint on ubuntu 10.04 (hosted by linode)" (-l here means to "list" instead of create).

$ ssh-keygen -E md5 -lf ~/.ssh/id_rsa.pub

edited Jun 20 '20 at 09:12

Community

1
1

answered Mar 19 '12 at 08:08

VonC

1,262,500
529
4,410
5,250

That GitHub guide is gone. Most similar content appears to be https://help.github.com/en/articles/reviewing-your-ssh-keys – jamieguinan Mar 15 '19 at 14:41
@jamieguinan Thank you. I have revised the answer accordingly. – VonC Mar 15 '19 at 16:26
What do you think about adding `-E md5` to the example command? Github shows fingerprints in md5 format, but newer `ssh-keygen` now defaults to sha256. – jamieguinan Mar 15 '19 at 16:48
@jamieguinan Actually... I would add also -m PEM when generating a new key: https://stackoverflow.com/a/53645530/6309! I will edit the answer per your recommendation in the case of listing the fingerprint. – VonC Mar 15 '19 at 17:07

score 7 · Answer 2 · answered Aug 09 '14 at 08:13

7

You can also use https://github.com/username.keys (I used my keys as a demo URL).

answered Aug 09 '14 at 08:13

chx

11,270
7
55
129

the · Answer 3 · 2017-10-25T20:01:06.183

5

If you have a bunch of keys to compare with the GitHub fingerprint this line comes in handy:

cd ~/.ssh; for k in *.pub; do ssh-keygen -E md5 -lf $k; done

edited Oct 25 '17 at 20:01

answered Oct 25 '17 at 15:43

the

21,007
11
68
101

2

Beauty! It was the -E md5 part that I was missing to verify my key on github. – pete Mar 13 '19 at 17:19

score 2 · Answer 4 · answered Mar 19 '12 at 09:55

Try to push / pull to one of your own repositories on github. A message will appear that the current key is not authorized. In addition is the SSH fingerprint of the current computer and a link displayed where it is possible to review your keys. Follow the link and mark the SSH key from your computer as approved.

How can I review my SSH key for github?

4 Answers4

Linked