CODEWITHSUNDEEP
gitlabssh-keys
cjs
cjs

Reputation: 27201

GitLab: How to find the owner of an SSH key

Given an SSH public key or fingerprint that has been registered with GitLab, how do I find out which account is associated with that key?

Note that the key may have been registered as a "deploy key," in which case I'd like to know account that registered it.

I'd prefer to know ways to do this using both the standard web UI (if possible), and programatically via the REST API. If neither of these are possible, I'll take answers that involve digging into the internals of GitLab (e.g., via a query on GitLab's database) if necessary.

Upvotes: 10

Views: 5882

Answers (4)

doelleri
doelleri

Reputation: 19682

In GitLab 12.6 the Keys API introduced a method to get a user by SSH key fingerprint.

curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/keys?fingerprint=01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef"

If the key happens to be a deploy key, in GitLab 12.7 the same keys endpoint was enhanced to get a user by deploy key fingerprint as well.

Note that both of these methods are only available to GitLab adminstrators.

Upvotes: 3

rpetti
rpetti

Reputation: 612

With a GitLab omnibus installation, you can use the rails console:

gitlab-rails console
> User.find(Key.find_by(fingerprint: '00:00:00:00...').user_id)

With the value of fingerprint being replaced with the md5 fingerprint of the key.

Upvotes: 8

Joost Evertse
Joost Evertse

Reputation: 1075

If you can access the postgres console:

root@gitlab:/# gitlab-psql
    psql (9.6.8)
    Type "help" for help.

    gitlabhq_production=#
    gitlabhq_production=# select a.name,a.username,b.fingerprint 
from users a, keys b where a.id=b.user_id;

         name      | username |                   fingerprint                   
    ---------------+----------+-------------------------------------------------
     Administrator | root     | f4:cc:ec:76:d0:1c:86:1d:45:6d:a7:6e:b3:df:32:7c
    (1 row)

Upvotes: 10

VonC
VonC

Reputation: 1323653

I don't see any public API (like in the User API for instance) which would take an SSH key fingerprint as a parameter.

I see it used only as an internal API, to retrieve the actual SSH key: merge request 250.

That code can give you a clue to as to how to code your own search.

Upvotes: 1

Related Questions