Sign and Verify file with SSH Keys

Signing files

ssh-keygen -Y sign -f ~/.ssh/id_rsa -n file ${file_to_sign}
  • ~/.ssh/id_rsa is the path to the private key
  • by default the signature is written to ${file_to_sign}.sig

Verifying signatures

Prepare an allowed_signers file containing the email address, key type and public key.

linux1@vm2021 ssh-rsa <base64-encoded public key>

Use the following command to verify.

ssh-keygen -Y verify -f allowed_signers -I linux1@vm2021 -n file -s ${file_to_verify}.sig < ${file_to_verify}

Output when the signature is valid:

Good "file" signature for linux1@vm2021 with RSA key SHA256:NmVC1oHNMssv0UfhfCSUKY2UjboQrGI5RwCGK7n0pIU
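
The sign and verify steps above, end to end, as an added example that is not part of the original page. It uses a throwaway Ed25519 key and constructed file contents in a temporary directory, and also checks the cases where verification must fail: modified data, a different -n namespace, and a principal not listed in allowed_signers. The function name and the example.test identities are assumptions made for the demo.

```shell
# Added example: run the page's sign/verify procedure and confirm failure cases.
# Assumes an ssh-keygen that supports -Y sign / -Y verify.
ssh_sig_demo() {
    tmp=$(mktemp -d) || return 1

    # Throwaway key with an empty passphrase (demo only, never reuse)
    ssh-keygen -q -t ed25519 -N '' -C demo -f "$tmp/key" || return 1
    printf 'release contents v1\n' > "$tmp/artifact.txt"   # constructed sample file

    # Sign under namespace "file"; writes artifact.txt.sig next to the file
    ssh-keygen -Y sign -f "$tmp/key" -n file "$tmp/artifact.txt" 2>/dev/null || return 1

    # allowed_signers line: principal, key type, base64 public key
    printf 'demo@example.test %s\n' "$(cut -d' ' -f1,2 "$tmp/key.pub")" \
        > "$tmp/allowed_signers"

    verify() {  # usage: verify <principal> <namespace> <data-file>
        ssh-keygen -Y verify -f "$tmp/allowed_signers" -I "$1" -n "$2" \
            -s "$tmp/artifact.txt.sig" < "$3" >/dev/null 2>&1
    }

    rc=0
    # Untouched file, listed principal, matching namespace: must verify
    verify demo@example.test file "$tmp/artifact.txt" || rc=1

    # Same signature over modified contents: must be rejected
    printf 'release contents v2\n' > "$tmp/tampered.txt"
    verify demo@example.test file "$tmp/tampered.txt" && rc=1

    # Namespace differs from the one used when signing: must be rejected
    verify demo@example.test git "$tmp/artifact.txt" && rc=1

    # Principal that has no entry in allowed_signers: must be rejected
    verify other@example.test file "$tmp/artifact.txt" && rc=1

    rm -rf "$tmp"
    return $rc
}
```

Calling ssh_sig_demo returns 0 only when the valid signature verifies and all three negative cases are rejected.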

Reference

  • https://www.agwa.name/blog/post/ssh_signatures

Disclaimer
  1. Licensed under CC BY-NC 4.0
  2. Copyright issue feedback: dig +short txt issue.imzye.com
  3. Not all commands and scripts are tested in a production environment; use at your own risk
  4. No privacy information is collected here