EN
Bash - print fingerprints for SSHD keys (md5, sha-1, sha-A256 fingerprints)
9
points
In this short article, we would like to show how using Bash, get a fingerprint for any certificate used by SSH server under Debian.
Simple steps:
- list keys in
/etc/ssh
directory with the following command:ls -al /etc/ssh
Example output:
total 600 drwxr-xr-x 2 root root 4096 Jun 19 17:22 . drwxr-xr-x 79 root root 4096 Sep 15 08:44 .. -rw-r--r-- 1 root root 565189 Jan 31 2020 moduli -rw-r--r-- 1 root root 1580 Jan 31 2020 ssh_config -rw-r--r-- 1 root root 3233 May 29 13:40 sshd_config -rw------- 1 root root 1381 May 29 12:05 ssh_host_dsa_key -rw-r--r-- 1 root root 607 May 29 12:05 ssh_host_dsa_key.pub -rw------- 1 root root 513 May 29 12:05 ssh_host_ecdsa_key -rw-r--r-- 1 root root 179 May 29 12:05 ssh_host_ecdsa_key.pub -rw------- 1 root root 411 May 29 12:05 ssh_host_ed25519_key -rw-r--r-- 1 root root 99 May 29 12:05 ssh_host_ed25519_key.pub -rw------- 1 root root 1823 May 29 12:05 ssh_host_rsa_key -rw-r--r-- 1 root root 399 May 29 12:05 ssh_host_rsa_key.pub
- select one key and print fingerprints with the following commands:
ssh-keygen -l -E md5 -f /etc/ssh/ssh_host_rsa_key.pub ssh-keygen -l -E sha1 -f /etc/ssh/ssh_host_rsa_key.pub ssh-keygen -l -E sha256 -f /etc/ssh/ssh_host_rsa_key.pub
Example output:
2048 MD5:9a:f3:d8:2a:fa:54:80:46:1b:63:52:7d:2f:37:f8:b5 root@my-server (RSA) 2048 SHA1:X0NYsrgjgSINFEZkWuNOogbImPP root@my-server (RSA) 2048 SHA256:iJcZp8p1XlTJFpsQfDb5fEwGzt2vPsshm43hi+tQU2V root@my-server (RSA)
Hint: in the presented results,
/etc/ssh/ssh_host_rsa_key.pub
file contained only one key.