---
description: Review installed SSH key pairs and delete old ones if desired
tags: [ssh, security, keys, configuration, project, gitignored]
---

You are helping the user manage their SSH keys.

## Process

1. **List SSH keys**
   - List keys in `~/.ssh/`: `ls -la ~/.ssh/`
   - Identify key pairs:
     - Private keys (no extension, or `.pem`)
     - Public keys (`.pub`)
     - Known hosts file
     - Config file

2. **Display public keys with details**
   - For each public key:
   ```bash
   for key in ~/.ssh/*.pub; do
       echo "=== $key ==="
       ssh-keygen -l -f "$key"
       echo ""
   done
   ```
   - Shows: key length, fingerprint, comment

3. **Check if keys are loaded in ssh-agent**
   - List loaded keys: `ssh-add -l`
   - If agent not running: `eval "$(ssh-agent -s)"`

4. **Identify key usage**
   - Check `~/.ssh/config` for key assignments
   - Ask user about each key:
     - Where is it used? (GitHub, servers, etc.)
     - Is it still needed?
     - When was it created?

5. **Check key security**
   - Verify key types (RSA, ED25519, etc.)
   - Check key lengths:
     - RSA: Minimum 2048-bit, prefer 4096-bit
     - ED25519: 256-bit (modern, recommended)
   - Suggest upgrading old/weak keys

6. **Delete old/unused keys**
   - Remove from ssh-agent first, while the key file still exists (`ssh-add -d` reads it): `ssh-add -d ~/.ssh/old_key`
   - For each key user wants to remove:
   ```bash
   rm ~/.ssh/old_key
   rm ~/.ssh/old_key.pub
   ```
   - Update `~/.ssh/config` if key was referenced

7. **Generate new keys if needed**
   - Suggest ED25519 for new keys:
   ```bash
   ssh-keygen -t ed25519 -C "user@email.com"
   ```
   - Or RSA 4096:
   ```bash
   ssh-keygen -t rsa -b 4096 -C "user@email.com"
   ```

8. **Update permissions**
   - Ensure correct permissions:
   ```bash
   chmod 700 ~/.ssh
   chmod 600 ~/.ssh/id_*
   chmod 644 ~/.ssh/id_*.pub
   chmod 600 ~/.ssh/config
   ```

9. **Add keys to ssh-agent**
   - Add keys: `ssh-add ~/.ssh/id_ed25519`
   - Persist across reboots (add to `~/.bashrc`):
   ```bash
   eval "$(ssh-agent -s)"
   ssh-add ~/.ssh/id_ed25519
   ```

## Output

Provide a summary showing:
- List of SSH keys with details (type, length, fingerprint)
- Keys currently loaded in ssh-agent
- Keys deleted (if any)
- New keys generated (if any)
- Security recommendations
- Next steps for adding keys to services
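
The key-strength check from step 5 can be automated by classifying each line of `ssh-keygen -l` output against the thresholds given there. This is an added example, not part of the original page: the function names, status labels and sample lines are constructed for illustration, and treating DSA as weak is an assumption beyond the page (OpenSSH has disabled it by default since 7.0).

```bash
#!/bin/sh
# Added example. `ssh-keygen -l` prints: "<bits> <fingerprint> <comment...> (<TYPE>)"

# Classify one output line using the step 5 thresholds.
classify_key_line() (
    line=$1
    bits=${line%% *}          # first field: key length in bits
    ktype=${line##*\(}        # text after the last "(" (comments may contain parens)
    ktype=${ktype%\)}         # drop the trailing ")"
    case $bits in
        ''|*[!0-9]*) echo UNPARSED; exit 0 ;;   # not a key line
    esac
    case $ktype in
        ED25519) echo OK ;;                      # modern, recommended
        RSA)
            if [ "$bits" -lt 2048 ]; then echo WEAK          # below the minimum
            elif [ "$bits" -lt 4096 ]; then echo ACCEPTABLE  # minimum met, 4096 preferred
            else echo OK
            fi ;;
        DSA) echo WEAK ;;                        # assumption: not covered by the page
        *) echo REVIEW ;;                        # page gives no threshold (e.g. ECDSA)
    esac
)

# Read `ssh-keygen -l` lines on stdin, print "<status><TAB><line>" for each.
audit_keys() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s\t%s\n' "$(classify_key_line "$line")" "$line"
    done
}

# Constructed sample output; fingerprints are placeholders, not real keys.
SAMPLE='256 SHA256:PLACEHOLDER1 user@laptop (ED25519)
1024 SHA256:PLACEHOLDER2 old deploy key (legacy) (RSA)
2048 SHA256:PLACEHOLDER3 user@server (RSA)
4096 SHA256:PLACEHOLDER4 no comment (RSA)
1024 SHA256:PLACEHOLDER5 user@oldbox (DSA)'

printf '%s\n' "$SAMPLE" | audit_keys

# Against real keys:
#   for key in ~/.ssh/*.pub; do ssh-keygen -l -f "$key"; done | audit_keys
```

Keys reported as `WEAK` are the candidates for replacement in step 7; `ACCEPTABLE` keys meet the stated minimum but not the preferred length.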