Checking your SSH key Fingerprint

As many of you probably are already well aware, Github recently was made aware of a mass-assignment vulnerability (1). If you aren’t caught up, you can find the info here on the Github blog (2, 3).

This afternoon, Github sent out an email to users that they had disabled all SSH keys for a users’ accounts and they would remain suspended until validated. You can validate your keys by visiting the SSH keys section under your account settings where you will then be able to reject or validate each of your stored keys. These are listed by machine ID and key fingerprint.

But how do you know the fingerprint of your SSH key to ensure it is the correct one for each machine ID? Simply SSH into each machine and run the following, replacing the location of the key to match where you have yours stored:

ssh-keygen -lf ~/.ssh/id_rsa.pub