Reads your local SSH keys (~/.ssh/*.pub) and authorized_keys, then produces a deployment map showing which keys are deployed where. Shows key type (ED25519, RSA, ECDSA), fingerprint, comment, and last-used date. Matches local keys against deployed keys to identify gaps. Useful for SSH audits, key rotation, and answering 'which servers have my deploy key?'
SSHSecurityAuditCLI
Features
- Local key discovery from ~/.ssh/*.pub with fingerprint extraction
- Authorized keys scanning on local machine
- Deployment map: matching local keys against deployed keys
- Key type, fingerprint, comment, and last-used date display
- JSON output for integration with audit tooling
Flags
| Long | Short | Description |
|---|---|---|
| --version | -V | Show version and license |
| --config | -c | Custom SSH config path |
| --host | -H | Check keys for specific SSH host |
| --json | -j | Output as JSON |
Usage
terminal
$ ssh-pubkeys
$
$ ssh-pubkeys --json
$
$ ssh-pubkeys --host web-server-01
Dependencies
stdlib + ssh-keygen (system) — subprocess, os, re
Install
$ curl -LO https://labs.stech-sol.com/downloads/ssh-pubkeys/0.1.0/ssh-pubkeys_0.1.0.tar.gz
$ tar xzf ssh-pubkeys_0.1.0.tar.gz
$ chmod +x ssh-pubkeys/ssh-pubkeys.py
$ sudo ln -s $PWD/ssh-pubkeys/ssh-pubkeys.py /usr/local/bin/ssh-pubkeys
About
Downloads
Verify integrity
SHA256 checksums