2020-05-29
What sort of SSH keys our users use or have listed in their authorized keys files
Yesterday I wrote about the surprising persistence of RSA keys in SSH in general terms. Today I'm going to make that concrete, by looking at what sorts of SSH keys our users have in their authorized_keys files and have used for authenticating to our systems in 2020. Unsurprisingly, these turn out to be not quite the same.
Based on some fairly brute force grep'ing of authorized_keys files, we have 729 people with authorized keys files that have (theoretically) live keys, and the key types break down like this:
   1790 ssh-rsa
    380 ssh-dss
     52 ecdsa-sha2-nistp256
     23 ssh-ed25519
      2 ecdsa-sha2-nistp256-cert-v01@openssh.com
      1 ssh-rsa-cert-v01@openssh.com
      1 ecdsa-sha2-nistp521
      1 ecdsa-sha2-nistp384
My first surprise is that we have so many DSA keys listed, since they're no longer supported (and those 380 ssh-dss keys are across 203 different people). People clearly don't clean out their authorized keys files very often. 670 people have RSA keys, 13 have Ed25519 keys, and 15 have some form of ECDSA keys (which implies that a few people list a bunch of ECDSA keys).
However, that's just what people have sitting around in their authorized keys files, not what actually gets used. What actually gets used is a somewhat different picture. Here are the numbers for how many different keys of each type have been used over the course of 2020 so far:
    387 RSA
     27 ECDSA
     15 ED25519
RSA still dominates, but not as much as before. In terms of the number of people using various sorts of keys, 240 people have used RSA keys, 10 people have used Ed25519 keys, and 8 people have used ECDSA keys. Clearly RSA keys remain quite important to our users; most of our public key SSH authentication happens with them.
(At the same time, OpenSSH's good logging means that we could actually find all of these people if we needed to and tell them that their keys needed to change. Hopefully this isn't going to be necessary, at least not in volume.)
Another nice thing to see is that a significant number of people don't just use one key for everything. Both in their authorized keys files and in actual usage, we clearly have a certain number of people who routinely use several keys even for keys of the same type.
(I haven't attempted to use our logs to see how many people use two or three different types of keys.)
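As an added example (my code, not from the original post), here is a small Python script that does the two counts above a bit more carefully than a brute force grep: the authorized_keys parser skips an optional leading options field (command="...", no-pty and so on) instead of assuming the key type is the first word, and the log parser counts distinct fingerprints and distinct users per key type from sshd's "Accepted publickey" lines. The key blobs, fingerprints and log lines are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

# Prefixes of the key types OpenSSH accepts in authorized_keys (the -cert variants share them).
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def authorized_key_type(line):
    """Key type of one authorized_keys line, or None for comments and blank lines.
    A line may start with an options field (command="...",no-pty, ...), so rather than
    take the first word as a plain grep would, find the key-type token that is followed
    by the base64 key blob (which always starts with "AAAA")."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith(KEY_TYPE_PREFIXES) and tokens[i + 1].startswith("AAAA"):
            return tok
    return None

def count_authorized_key_types(lines):
    return Counter(t for t in map(authorized_key_type, lines) if t)

# sshd's success line: "Accepted publickey for USER from IP port N ssh2: TYPE SHA256:FINGERPRINT"
ACCEPTED_RE = re.compile(r"Accepted publickey for (\S+) from \S+ port \d+ ssh2: (\S+) (SHA256:\S+)")
def count_used_keys(log_lines):
    """Per key type: (distinct fingerprints, distinct users) seen in successful logins."""
    keys, users = defaultdict(set), defaultdict(set)
    for line in log_lines:
        m = ACCEPTED_RE.search(line)
        if m:
            user, ktype, fp = m.groups()
            keys[ktype].add(fp)
            users[ktype].add(user)
    return {k: (len(keys[k]), len(users[k])) for k in keys}

# Constructed sample data: key blobs and fingerprints are placeholders, not real keys.
AUTHORIZED_KEYS = """\
# laptop
ssh-rsa AAAAB3NzaC1yc2EFAKE1 chris@laptop
command="/usr/bin/rsync --server",no-pty ssh-rsa AAAAB3NzaC1yc2EFAKE2 backup
ssh-dss AAAAB3NzaC1kc3MFAKE3 old-desktop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5FAKE4 chris@phone
""".splitlines()
SSHD_LOG = """\
May 29 09:01:02 host sshd[101]: Accepted publickey for chris from 192.0.2.10 port 5000 ssh2: RSA SHA256:FAKEfp1
May 29 10:00:00 host sshd[103]: Accepted publickey for chris from 192.0.2.11 port 5002 ssh2: ED25519 SHA256:FAKEfp2
May 29 11:00:00 host sshd[104]: Accepted publickey for alice from 192.0.2.12 port 5003 ssh2: RSA SHA256:FAKEfp3
May 29 11:30:00 host sshd[105]: Failed publickey for bob from 192.0.2.13 port 5004 ssh2: RSA SHA256:FAKEfp4
""".splitlines()
```

On the sample data this reports two ssh-rsa, one ssh-dss and one ssh-ed25519 authorized key, and two distinct RSA keys used by two people plus one Ed25519 key used by one person; the failed login is ignored.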