*nix, get the SSH fingerprint locally

From Wiki de Caballero

Simple

When logging in over SSH, the client displays the server's host key fingerprint ("Fingerprint for the ED25519 key", as Cyberduck labels it).

To get the fingerprints of the local host keys, run the following on the server (commands tested on Ubuntu 16.04 LTS):

# Option 1: shows the result in SHA256
for f in /etc/ssh/ssh_host_*_key; do ssh-keygen -l -f "$f"; done

# Option 2: shows the result in MD5; this result can be used in Cyberduck
for f in /etc/ssh/ssh_host_*_key; do ssh-keygen -l -E md5 -f "$f"; done

Script

Note: Not tested, use as inspiration.

#!/bin/bash

# standard sshd config path
SSHD_CONFIG=/etc/ssh/sshd_config

# helper: format three whitespace-separated fields as one table row
function tablize { 
        awk '{printf("| %-7s | %-7s | %-47s |\n", $1, $2, $3)}'
}
LINE="+---------+---------+-------------------------------------------------+"

# header
echo "$LINE"
echo "Cipher" "Algo" "Fingerprint" | tablize
echo "$LINE"

# fingerprints: one pair of rows per active (uncommented) HostKey line
for host_key in $(awk '/^HostKey[ \t]/ {print $2".pub"}' "$SSHD_CONFIG"); do
        cipher=$(echo "$host_key" | sed -r 's/^.*ssh_host_([^_]+)_key\.pub$/\1/' | tr 'a-z' 'A-Z')
        if [[ -f "$host_key" ]]; then
                # -E md5 forces the MD5 form (the default output is SHA256);
                # the "MD5:" prefix is dropped so the value fits the column
                md5=$(ssh-keygen -l -E md5 -f "$host_key" | awk '{print $2}' | sed 's/^MD5://')
                # SHA-256 of the decoded key blob, base64-encoded
                # (keeps the trailing '=' padding that ssh-keygen omits)
                sha256=$(awk '{print $2}' "$host_key" | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64)

                echo "$cipher" MD5 "$md5" | tablize
                echo "$cipher" SHA-256 "$sha256" | tablize
                echo "$LINE"
        fi
done
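
As an added example (not code from the original page): the functions below compute both fingerprint forms directly from a public-key line and check them against the string a client such as Cyberduck displayed, so the comparison does not depend on eyeballing two formats. `SAMPLE_PUB` is a constructed filler key, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page). Needs only coreutils and awk.

# Constructed sample in .pub format: "type base64-blob comment".
# The blob is filler bytes, not a real host key.
SAMPLE_PUB='ssh-ed25519 QUFBQUJCQkJDQ0NDRERERUVFRUZGRkZHR0dHSEg= constructed@example'

# Decode the key blob (field 2 of a .pub line) to raw bytes.
key_blob() { printf '%s\n' "$1" | awk '{print $2}' | base64 -d; }

# MD5 form: colon-separated lowercase hex of MD5(blob).
fp_md5() {
    key_blob "$1" | md5sum | cut -d' ' -f1 | sed 's/../&:/g; s/:$//'
}

# SHA256 form: base64 of the raw SHA-256 digest, '=' padding removed.
fp_sha256() {
    hex=$(key_blob "$1" | sha256sum | cut -d' ' -f1)
    while [ -n "$hex" ]; do          # hex digest -> raw bytes, one byte per turn
        rest=${hex#??}
        byte=${hex%"$rest"}
        printf '%b' "\\0$(printf '%o' "0x$byte")"
        hex=$rest
    done | base64 | tr -d '=\n'
}

# Exit status 0 only if CLAIMED (the string the client displayed) matches the
# key. Accepts "MD5:"/"SHA256:" prefixes, '=' padding and uppercase MD5 hex.
fp_matches() {
    claimed=$(printf '%s' "$2" | tr -d ' =\n')
    case $claimed in
        SHA256:*) [ "${claimed#SHA256:}" = "$(fp_sha256 "$1")" ] ;;
        *:*)      claimed=$(printf '%s' "${claimed#MD5:}" | tr 'A-F' 'a-f')
                  [ "$claimed" = "$(fp_md5 "$1")" ] ;;
        *)        [ "$claimed" = "$(fp_sha256 "$1")" ] ;;
    esac
}

# On a server:
#   fp_matches "$(cat /etc/ssh/ssh_host_ed25519_key.pub)" "<string from client>"
printf 'MD5:%s\nSHA256:%s\n' "$(fp_md5 "$SAMPLE_PUB")" "$(fp_sha256 "$SAMPLE_PUB")"
```

A non-zero exit status from `fp_matches` means the key the client saw is not the key stored on the server, and the connection should not be accepted.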