SSH Key Auditing: Detect Weak Keys, Unused Authorized Keys, and Key Sprawl

SSH Key Security

SSH keys provide passwordless authentication, but unmanaged keys become a major security liability. Regular auditing prevents unauthorized access from old, weak, or forgotten keys.

Listing Authorized Keys

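cat ~/.ssh/authorized_keys
# Read each account's real home directory from /etc/passwd
# (root and service accounts do not live under /home)
while IFS=: read -r user _ _ _ _ home _; do
  ak="$home/.ssh/authorized_keys"
  # Count key lines only, skipping blank lines and comments
  [ -f "$ak" ] && echo "$user: $(grep -cv -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$ak") keys"
done < /etc/passwd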

Detecting Weak Key Types

# Check key types
ssh-keygen -lf ~/.ssh/authorized_keys
# Weak: ssh-dss (DSA), deprecated
# OK: ssh-rsa (RSA 2048+)
# Best: ssh-ed25519
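
The type check above can be turned into a filter. The following is an added example, not code from the original article or from dargslan-sshkey-audit: it reads ssh-keygen -lf output and rates each key by the thresholds listed above. The function names, the UNRATED label for key types the article does not rate, and the sample lines with placeholder fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Usage on a real file:  ssh-keygen -lf ~/.ssh/authorized_keys | classify_keys
#
# classify_keys: read `ssh-keygen -lf` output on stdin, one key per line:
#   <bits> <fingerprint> <comment...> (<TYPE>)
# and print "<rating> <type> <bits> <fingerprint>" for each key.
classify_keys() {
  awk '
    {
      bits = $1 + 0
      type = $NF                 # last field, e.g. "(RSA)"; comments may contain spaces
      gsub(/[()]/, "", type)
      if (type == "DSA")                       rating = "WEAK"     # ssh-dss, deprecated
      else if (type == "RSA" && bits < 2048)   rating = "WEAK"     # below the 2048-bit floor
      else if (type == "RSA")                  rating = "OK"
      else if (type == "ED25519")              rating = "BEST"
      else                                     rating = "UNRATED"  # type not rated by the article
      printf "%-7s %-8s %5d  %s\n", rating, type, bits, $2
    }'
}

# count_weak: number of WEAK keys in the same input (0 means nothing to replace).
count_weak() {
  classify_keys | awk '$1 == "WEAK" { n++ } END { print n + 0 }'
}

# Constructed sample listing; the fingerprints are placeholders, not real keys.
sample_listing() {
  cat <<'EOF'
1024 SHA256:PLACEHOLDER-FINGERPRINT-1 old backup key (DSA)
1024 SHA256:PLACEHOLDER-FINGERPRINT-2 legacy@host (RSA)
3072 SHA256:PLACEHOLDER-FINGERPRINT-3 alice@laptop (RSA)
256 SHA256:PLACEHOLDER-FINGERPRINT-4 bob@workstation (ED25519)
256 SHA256:PLACEHOLDER-FINGERPRINT-5 ci-runner (ECDSA)
EOF
}

sample_listing | classify_keys
echo "weak keys: $(sample_listing | count_weak)"
```
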

Host Key Audit

ls -la /etc/ssh/ssh_host_*
ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub

Automated Audit with dargslan-sshkey-audit

pip install dargslan-sshkey-audit
dargslan-sshkey-audit
Dargslan Editorial Team (Dargslan)