How can you tell how old an ssh key is?

Question

I'm connecting to a remote server, but want to make sure that they keys have been created relatively recently. How can I tell when the keys for that ssh server were generated?

If I can't check remotely, is there a way to use tools to check the server's keys age locally?

Why's it matter? changing the servers key will require you to re-validate for all users. — xenoterracide, Nov 13 '09 at 21:00
I was asked to determine how long a particular key on a server had been in place and I couldn't think of a way to know for sure. An SSL certificate is stamped in the certificate itself, for instance (as the example that was given me). The requesting party wanted to know something similar about ssh and I couldn't find a good answer. — Jim, Dec 10 '09 at 17:40

Zoredache · Accepted Answer · 2009-11-13T20:54:46.877

5

ls -l /etc/ssh/ssh_host* perhaps?

There is no guarantee that they aren't old though.

edited Nov 13 '09 at 20:54

answered Nov 13 '09 at 20:15

Zoredache

130,897
41
276
420

3

ls -l should do it, but stat will give you modification / creation and access .. better way to gauge, just in case. – Philip Reynolds Nov 13 '09 at 20:20
the -al was just habit. I type it so often that I don't even think about it anymore. – Zoredache Nov 13 '09 at 20:55
Might consider aliasing "ls -l[a]" to `ll` – Jeremy L Nov 13 '09 at 20:59

score 2 · Answer 2 · answered Nov 15 '09 at 03:37

If you are trying to detect someone being nefarious there really isn't anything stopping them from changing the date on those files. The only real way is to keep your own list/database with the key and the date it was added.

Using something with ssh-keyscan you could cook up a pretty quick solution to scan your whole network and store the information into say an sqlite db file with a date.

How can you tell how old an ssh key is?

2 Answers2