SSH: showing the keys on a machine and viewing the keys with SSH

From Wiki de Caballero
Revision as of 05:49, 28 August 2016 by Felipe

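To show the keys (their fingerprints) the easy way:

for i in /etc/ssh/*sa_key.pub; do ssh-keygen -l -f "$i"; done

The *sa_key.pub glob matches the RSA, DSA and ECDSA host keys but not ssh_host_ed25519_key.pub.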

Another way, taken from here, prints the following:

+---------+---------+-------------------------------------------------+
| Cipher  | Algo    | Fingerprint                                     |
+---------+---------+-------------------------------------------------+
| RSA     | MD5     | 05:3e:10:b2:b3:69:aa:3b:8e:da:97:6f:25:3b:b5:d5 |
| RSA     | SHA-256 | brIUrrA7NBvvxL5sEVaxVWc3JsYrq1K7OlUCDYhbbOg=    |
+---------+---------+-------------------------------------------------+
| ECDSA   | MD5     | c4:59:67:5e:28:9f:cb:02:be:8f:57:2a:24:eb:c6:12 |
| ECDSA   | SHA-256 | 9sUOJTNe6X/GI4L6DcITb41STfqok8wJ2N+hUxAolNc=    |
+---------+---------+-------------------------------------------------+
| ED25519 | MD5     | 32:43:e1:0f:3e:60:2a:72:28:28:92:3d:0f:31:f2:69 |
| ED25519 | SHA-256 | US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=    |
+---------+---------+-------------------------------------------------+

This is the script that produces that format:

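#!/bin/bash

# standard sshd config path
SSHD_CONFIG=/etc/ssh/sshd_config

# helper functions
function tablize {
        awk '{printf("| %-7s | %-7s | %-47s |\n", $1, $2, $3)}'
}
LINE="+---------+---------+-------------------------------------------------+"

# header
echo "$LINE"
echo "Cipher" "Algo" "Fingerprint" | tablize
echo "$LINE"

# fingerprints: only uncommented HostKey lines are read; the trailing [ \t]
# keeps HostKeyAlgorithms and HostKeyAgent lines from matching
for host_key in $(awk '/^HostKey[ \t]/ {sub(/^HostKey[ \t]+/,""); print $0".pub"}' "$SSHD_CONFIG"); do
        cipher=$(echo "$host_key" | sed -E 's/^.*ssh_host_([^_]+)_key\.pub$/\1/' | tr 'a-z' 'A-Z')
        if [[ -f "$host_key" ]]; then
                # OpenSSH 6.8 and later print SHA256 by default, so request MD5 explicitly
                md5=$(ssh-keygen -l -E md5 -f "$host_key" 2>/dev/null | awk '{sub(/^MD5:/,"",$2); print $2}')
                # older releases have no -E option and print the MD5 fingerprint by default
                [[ -z "$md5" ]] && md5=$(ssh-keygen -l -f "$host_key" | awk '{print $2}')
                # SHA-256 of the decoded key blob, re-encoded as (padded) base64
                sha256=$(awk '{print $2}' "$host_key" | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64)

                echo "$cipher" MD5 "$md5" | tablize
                echo "$cipher" SHA-256 "$sha256" | tablize
                echo "$LINE"
        fi
done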
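
An added example (not part of the original page) that checks a fingerprint displayed by an SSH client against a public key line, accepting the notations in the table above (colon-separated MD5, padded base64 SHA-256) as well as the prefixed, unpadded SHA256: form that OpenSSH prints. The function names and the sample line are assumptions made for the example; the sample blob decodes to the bytes "abc" and is not a real key.

```sh
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# Hex digest of the decoded key blob (field 2 of a .pub line).
# $1 = md5 | sha256   $2 = public key line
key_hash_hex() {
    printf '%s\n' "$2" | awk '{print $2}' | base64 -d | "${1}sum" | awk '{print $1}'
}

# Normalise a fingerprint as displayed to "<algo> <lowercase hex>".
fp_to_hex() {
    fp=$1
    case $fp in
        MD5:*)    fp=${fp#MD5:};    algo=md5 ;;
        SHA256:*) fp=${fp#SHA256:}; algo=sha256 ;;
        *:*)      algo=md5 ;;       # bare colon-separated hex, as in the table
        *)        algo=sha256 ;;    # bare base64, as in the table
    esac
    if [ "$algo" = md5 ]; then
        hex=$(printf '%s' "$fp" | tr -d ':' | tr 'A-F' 'a-f')
    else
        # OpenSSH strips the '=' padding; base64 -d needs it back
        case $(( ${#fp} % 4 )) in 2) fp="$fp==" ;; 3) fp="$fp=" ;; esac
        hex=$(printf '%s\n' "$fp" | base64 -d | od -An -v -tx1 | tr -d ' \n')
    fi
    echo "$algo $hex"
}

# Succeeds only if the displayed fingerprint ($2) belongs to the key line ($1).
host_key_matches() {
    want=$(fp_to_hex "$2") || return 1
    algo=${want%% *}
    [ "$algo $(key_hash_hex "$algo" "$1")" = "$want" ]
}

# Constructed sample: the blob "YWJj" is the bytes "abc", not a real key.
SAMPLE_LINE='ssh-test YWJj constructed@example'
if host_key_matches "$SAMPLE_LINE" 'SHA256:ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0'; then
    echo "fingerprint matches"
else
    echo "MISMATCH: do not accept the host key"
fi
```

To check a real server, pass the contents of one of its /etc/ssh/ssh_host_*_key.pub files as the first argument and the fingerprint the client displayed on first connection as the second.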