Difference between revisions of "SSH, mostrando las claves en una máquina y viendo las claves con SSH"

From Wiki de Caballero
Jump to navigation Jump to search
(Created page with "Para mostrar las claves de forma fácil: <source lang="bash"> for i in $(ls /etc/ssh/*sa_key.pub); do ssh-keygen -l -f $i; done </source> Una forma obtenida de [http://superu...")
 
Line 4: Line 4:
</source>
</source>


Una forma obtenida de [http://superuser.com/a/1030779/369045 aquí] que muestra lo siguiente:
Se puede ejecutar el siguiente código ([https://github.com/caballerofelipe/scripts/blob/master/ssh/ssh_fingerprint.sh ver el código en GitHub]):
<source lang="bash">
<source lang="bash">
+---------+---------+-------------------------------------------------+
curl -sS https://raw.githubusercontent.com/caballerofelipe/scripts/master/ssh/ssh_fingerprint.sh | bash
| Cipher  | Algo    | Fingerprint                                    |
+---------+---------+-------------------------------------------------+
| RSA    | MD5    | 05:3e:10:b2:b3:69:aa:3b:8e:da:97:6f:25:3b:b5:d5 |
| RSA    | SHA-256 | brIUrrA7NBvvxL5sEVaxVWc3JsYrq1K7OlUCDYhbbOg=    |
+---------+---------+-------------------------------------------------+
| ECDSA  | MD5    | c4:59:67:5e:28:9f:cb:02:be:8f:57:2a:24:eb:c6:12 |
| ECDSA  | SHA-256 | 9sUOJTNe6X/GI4L6DcITb41STfqok8wJ2N+hUxAolNc=    |
+---------+---------+-------------------------------------------------+
| ED25519 | MD5    | 32:43:e1:0f:3e:60:2a:72:28:28:92:3d:0f:31:f2:69 |
| ED25519 | SHA-256 | US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=    |
+---------+---------+-------------------------------------------------+
</source>
</source>


Para lograr este formato este es el script:
Lo que genera un resultado parecido al siguiente:
<source lang="bash">
<source lang="bash">
#!/bin/bash
+---------+---------+-----------------------------------------------------+
 
| Cipher  | Algo    | Fingerprint                                        |
# standard sshd config path
+---------+---------+-----------------------------------------------------+
SSHD_CONFIG=/etc/ssh/sshd_config
| RSA    | MD5    | MD5:15:66:80:fd:79:d8:c0:92:e8:39:4a:bc:4e:c4:00:15 |
 
| RSA    | SHA-256 | SHA256:G+rKuLGk+8Z1oxUV3cox0baNsH0qGQWm/saWPr4qZMM  |
# helper functions
+---------+---------+-----------------------------------------------------+
function tablize {
| ECDSA  | MD5    | MD5:f5:90:5c:03:2e:38:1b:c9:86:bd:86:47:5d:22:79:17 |
        awk '{printf("| %-7s | %-7s | %-47s |\n", $1, $2, $3)}'
| ECDSA  | SHA-256 | SHA256:GGmuOzsG4EGeRV9KD1WK7tRf3nIc40k/5jRgbTZDpTo  |
}
+---------+---------+-----------------------------------------------------+
LINE="+---------+---------+-------------------------------------------------+"
| ED25519 | MD5    | MD5:d1:5a:04:56:37:f4:75:19:22:e6:e5:d7:41:fd:79:fa |
 
| ED25519 | SHA-256 | SHA256:QVdqYeVzvsP4n5yjuN3D2fu8hDhskOxQCQAV5f9QK7w  |
# header
+---------+---------+-----------------------------------------------------+
echo $LINE
echo "Cipher" "Algo" "Fingerprint" | tablize
echo $LINE
 
# fingerprints
for host_key in $(awk '/^HostKey/ {sub(/^HostKey\s+/,"");print $0".pub"};' $SSHD_CONFIG); do
        cipher=$(echo $host_key | sed -r 's/^.*ssh_host_([^_]+)_key\.pub$/\1/'| tr '[a-z]' '[A-Z]')
        if [[ -f "$host_key" ]]; then
                md5=$(ssh-keygen -l -f $host_key | awk '{print $2}')
                sha256=$(awk '{print $2}' $host_key | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64)
 
                echo $cipher MD5 $md5 | tablize
                echo $cipher SHA-256 $sha256 | tablize
                echo $LINE
        fi
done
</source>
</source>

Revision as of 21:52, 14 March 2020

Para mostrar las claves de forma fácil: 

for i in $(ls /etc/ssh/*sa_key.pub); do ssh-keygen -l -f $i; done

Se puede ejecutar el siguiente código (ver el código en GitHub): 

curl -sS https://raw.githubusercontent.com/caballerofelipe/scripts/master/ssh/ssh_fingerprint.sh | bash

Lo que genera un resultado parecido al siguiente: 

+---------+---------+-----------------------------------------------------+
| Cipher  | Algo    | Fingerprint                                         |
+---------+---------+-----------------------------------------------------+
| RSA     | MD5     | MD5:15:66:80:fd:79:d8:c0:92:e8:39:4a:bc:4e:c4:00:15 |
| RSA     | SHA-256 | SHA256:G+rKuLGk+8Z1oxUV3cox0baNsH0qGQWm/saWPr4qZMM  |
+---------+---------+-----------------------------------------------------+
| ECDSA   | MD5     | MD5:f5:90:5c:03:2e:38:1b:c9:86:bd:86:47:5d:22:79:17 |
| ECDSA   | SHA-256 | SHA256:GGmuOzsG4EGeRV9KD1WK7tRf3nIc40k/5jRgbTZDpTo  |
+---------+---------+-----------------------------------------------------+
| ED25519 | MD5     | MD5:d1:5a:04:56:37:f4:75:19:22:e6:e5:d7:41:fd:79:fa |
| ED25519 | SHA-256 | SHA256:QVdqYeVzvsP4n5yjuN3D2fu8hDhskOxQCQAV5f9QK7w  |
+---------+---------+-----------------------------------------------------+
Retrieved from "http://wiki.caballero.co/index.php?title=SSH,_mostrando_las_claves_en_una_máquina_y_viendo_las_claves_con_SSH&oldid=809"