Difference between revisions of "*nix, obtener la huella digital para SSH localmente"
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
==Simple== | |||
Al momento de logearse con SSH se da información de la huella digital del servidor ("Fingerprint for the ED25519 key" como especificado por Cyberduck). | Al momento de logearse con SSH se da información de la huella digital del servidor ("Fingerprint for the ED25519 key" como especificado por Cyberduck). | ||
| Line 8: | Line 9: | ||
# Opción 2: muestra resultado en md5, este resultado sirve en Cyberduck | # Opción 2: muestra resultado en md5, este resultado sirve en Cyberduck | ||
for f in /etc/ssh/ssh_host_*_key; do ssh-keygen -l -E md5 -f "$f"; done | for f in /etc/ssh/ssh_host_*_key; do ssh-keygen -l -E md5 -f "$f"; done | ||
</source> | |||
==Script== | |||
<source lang="bash"> | |||
#!/bin/bash | |||
# standard sshd config path | |||
SSHD_CONFIG=/etc/ssh/sshd_config | |||
# helper functions | |||
function tablize { | |||
awk '{printf("| %-7s | %-7s | %-47s |\n", $1, $2, $3)}' | |||
} | |||
LINE="+---------+---------+-------------------------------------------------+" | |||
# header | |||
echo $LINE | |||
echo "Cipher" "Algo" "Fingerprint" | tablize | |||
echo $LINE | |||
# fingerprints | |||
for host_key in $(awk '/^HostKey/ {sub(/^HostKey\s+/,"");print $0".pub"};' $SSHD_CONFIG); do | |||
cipher=$(echo $host_key | sed -r 's/^.*ssh_host_([^_]+)_key\.pub$/\1/'| tr '[a-z]' '[A-Z]') | |||
if [[ -f "$host_key" ]]; then | |||
md5=$(ssh-keygen -l -f $host_key | awk '{print $2}') | |||
sha256=$(awk '{print $2}' $host_key | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64) | |||
echo $cipher MD5 $md5 | tablize | |||
echo $cipher SHA-256 $sha256 | tablize | |||
echo $LINE | |||
fi | |||
done | |||
</source> | </source> | ||
Revision as of 20:53, 5 November 2019
Simple
Al momento de logearse con SSH se da información de la huella digital del servidor ("Fingerprint for the ED25519 key" como especificado por Cyberduck).
Para obtener las claves locales se puede ejecutar (comandos probados en Ubuntu 16.04 LTS):
# Opción 1: muestra resultado en SHA256
for f in /etc/ssh/ssh_host_*_key; do ssh-keygen -l -f "$f"; done
# Opción 2: muestra resultado en md5, este resultado sirve en Cyberduck
for f in /etc/ssh/ssh_host_*_key; do ssh-keygen -l -E md5 -f "$f"; doneScript
#!/bin/bash
# standard sshd config path
SSHD_CONFIG=/etc/ssh/sshd_config
# helper functions
function tablize {
awk '{printf("| %-7s | %-7s | %-47s |\n", $1, $2, $3)}'
}
LINE="+---------+---------+-------------------------------------------------+"
# header
echo $LINE
echo "Cipher" "Algo" "Fingerprint" | tablize
echo $LINE
# fingerprints
for host_key in $(awk '/^HostKey/ {sub(/^HostKey\s+/,"");print $0".pub"};' $SSHD_CONFIG); do
cipher=$(echo $host_key | sed -r 's/^.*ssh_host_([^_]+)_key\.pub$/\1/'| tr '[a-z]' '[A-Z]')
if [[ -f "$host_key" ]]; then
md5=$(ssh-keygen -l -f $host_key | awk '{print $2}')
sha256=$(awk '{print $2}' $host_key | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64)
echo $cipher MD5 $md5 | tablize
echo $cipher SHA-256 $sha256 | tablize
echo $LINE
fi
done