Is there any way to check for how an SSH key was generated and with what type? s...

Symbiote · 2024-04-16T06:23:00 1713248580

It says the key may have been lost if it had ever been used with Putty. If you have keys of this type and have ever used Putty you should revoke them.

Helmut10001 · 2024-04-16T06:48:41 1713250121

I use pageant as my SSH Agent and WSL to access it through ssh-agent. I only used to generate Keys with Putty, (Puttygen), but reverted to standard Linux `ssh-keygen` in the last 2-3 years.

I am still wondering what the exact steps are to show the key type.

Brybry · 2024-04-16T07:37:05 1713253025

I believe ssh-keygen -t ecdsa -b 521 pub keys will have ecdsa-sha2-nistp521 in plaintext at the start. I don't know how to tell from the priv key.

And I think converted key pairs in Putty format (.ppk) will have PuTTY-User-Key-File-2: ecdsa-sha2-nistp521 in plaintext.

For Pageant you should be able to select view keys from the system tray icon context menu and it should show the key type in the list.

For ssh-agent I think ssh-add -L should list the public keys (with key type) in the same format as the authorized_keys file

I'm not an expert, so if anyone is please correct me where I'm wrong!

ajb · 2024-04-16T07:34:15 1713252855

You can look in the key file. From the OP:

"has an id starting ecdsa-sha2-nistp521 in [...] the key file" He also mentions some other places the information shows up.

Helmut10001 · 2024-04-16T07:58:29 1713254309

Ah, yes - there it is (in KeePass/KeeAgent, under `Advanced`, click on the private key file (*.ppk) and then on Open > Internal Viewer).

> PuTTY-User-Key-File-2: ssh-rsa..Encryption: aes256-cbc

Indeed I seem to have used Puttygen in the past.

For keys from Linux ssh-keygen, the private key starts with:

> -----BEGIN OPENSSH PRIVATE KEY-----

and the public key starts with

> ssh-ed25519