There will be times when you need to actually view your SSH certificates in Linux. Why? Say, for example, you need to add a certificate for authentication in GitHub (or any other online service that requires SSH authentication). You know you’ve created those SSH certificates, but how do you view them?

For those who are familiar with SSH, you probably already know the answer to that question. After all, this is pretty basic SSH stuff. For those who are new to the ways of SSH (or Linux, macOS, or Windows for that matter), the task might stump you.

Never fear, that’s why I’m here. 

I want to show you just how easy it is to view those SSH keys, so you can use them for third-party services.

SEE: Identity theft protection policy (TechRepublic Premium)

What you’ll need

The only thing you’ll need for this is access to a server or desktop (Linux, macOS, or Windows) and an SSH key created. If you’ve not already created your SSH key pair, you can do so with the command:

ssh-keygen

That command will generate a key pair, both public and private keys. The public key is that which you send to servers for SSH key authentication. When you attempt to log in to that server, SSH will compare the public and private keys. If those keys are a match, you’ll be allowed access. Simple enough. You’re ready to move on.

How to view your SSH public key on Linux

There are two easy ways to view your SSH public key in Linux. The first method is a bit complicated, because it makes use of both ssh-agent and ssh-add commands. This is probably overkill for what you need, but it’s a good way to view the key, while requiring your SSH keypair password. The command is:

ssh-agent sh -c 'ssh-add; ssh-add -L'

Upon successful authentication, your SSH public key will print out in the terminal. You can then copy that and paste it where you need. Of course, that’s a lot of commands to remember, especially when you just need to view the contents of the public key.

If you don’t want to have to memorize yet another command, you could simply use the cat command like so:

cat ~/.ssh/id_rsa.pub

The above command will print out your SSH key on your Linux machine, without prompting you for your key authentication password.

How to view your SSH public key on macOS

Viewing your keys on macOS can be done in similar fashion as Linux. Open your terminal window and issue the command:

cat ~/.ssh/id_rsa.pub

Or:

cat /Users/USERNAME/.ssh/id_rsa.pub

Where USERNAME is your macOS username.

The above commands will print out your SSH public key. 

macOS also has one more nifty trick up its sleeve. You can copy the contents of the SSH key directly to the clipboard, without displaying the key, using the pbcopy tool. This command would be:

cat ~/.ssh/id_rsa.pub | pbcopy

Once you’ve copied the key to your clipboard, you can paste it wherever you need it.

How to view your SSH public key on Windows

On Windows, you’ll use the type command to view your SSH public key like so:

type C:\Users\USERNAME\.ssh\id_rsa.pub

Where USERNAME is the name of your user.

The above command will display your SSH public key. You can then use the Ctrl+c keyboard shortcut to copy the contents of the file.

You can also do something similar to what we did on macOS (copying the SSH public key directly to the clipboard) using the type and clip commands like so:

type C:\Users\USERNAME\.ssh\id_rsa.pub | clip

Where USERNAME is your username.

You can now paste that key wherever you need it.

How to view your private key

Chances are you’re not ever going to have to view your private key. After all, that’s the secret in the sauce that’s never on display for anyone to see. But, on the off chance you do need to view that key, you can follow the same steps as above, but remove the .pub from the file name (in any instance). Remember id_rsa is the private key and id_rsa.pub is the public key.

And that’s all there is to viewing your SSH public and private keys on Linux, macOS, and Windows. 

Just remember, treat these keys with the care and security they deserve. Although your public key will be handed out to other users and services, that private key needs to be tucked away and never shown to the public. If you do accidentally release that private key, you’ll need to remove the public key from the authorized_keys file from every server that uses the keypair, delete the public and private keys on the host, generate a new keypair, and send it to the servers you need to log in to with SSH key authentication. If you leave any trace of that compromised key pair on any server or desktop, you run the risk of allowing someone access. 

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

Sign up today

Also see