EN
Bash - print fingerprints for SSHD keys (md5, sha-1, sha-A256 fingerprints)
9 points
In this short article, we would like to show how using Bash, get a fingerprints for certificates used by SSH server under Debian.
Simple steps:
- login to your server,
- list keys in
/etc/sshdirectory with the following command:xxxxxxxxxx1ls -al /etc/sshExample output:
xxxxxxxxxx1total 6002drwxr-xr-x 2 root root 4096 Jun 19 17:22 .3drwxr-xr-x 79 root root 4096 Sep 15 08:44 ..4-rw-r--r-- 1 root root 565189 Jan 31 2020 moduli5-rw-r--r-- 1 root root 1580 Jan 31 2020 ssh_config6-rw-r--r-- 1 root root 3233 May 29 13:40 sshd_config7-rw------- 1 root root 1381 May 29 12:05 ssh_host_dsa_key8-rw-r--r-- 1 root root 607 May 29 12:05 ssh_host_dsa_key.pub9-rw------- 1 root root 513 May 29 12:05 ssh_host_ecdsa_key10-rw-r--r-- 1 root root 179 May 29 12:05 ssh_host_ecdsa_key.pub11-rw------- 1 root root 411 May 29 12:05 ssh_host_ed25519_key12-rw-r--r-- 1 root root 99 May 29 12:05 ssh_host_ed25519_key.pub13-rw------- 1 root root 1823 May 29 12:05 ssh_host_rsa_key14-rw-r--r-- 1 root root 399 May 29 12:05 ssh_host_rsa_key.pub - select one key and print fingerprints with the following commands:
xxxxxxxxxx1ssh-keygen -l -E md5 -f /etc/ssh/ssh_host_rsa_key.pub2ssh-keygen -l -E sha1 -f /etc/ssh/ssh_host_rsa_key.pub3ssh-keygen -l -E sha256 -f /etc/ssh/ssh_host_rsa_key.pubWhere:
rsainssh_host_rsa_key.pubin the above command can be replaced bydsa,ecdsaored25519depending on available cryptographic algorithms.Example output:
xxxxxxxxxx12048 MD5:9a:f3:d8:2a:fa:54:80:46:1b:63:52:7d:2f:37:f8:b5 root@my-server (RSA)22048 SHA1:X0NYsrgjgSINFEZkWuNOogbImPP root@my-server (RSA)32048 SHA256:iJcZp8p1XlTJFpsQfDb5fEwGzt2vPsshm43hi+tQU2V root@my-server (RSA)
Hint: in the presented results,
/etc/ssh/ssh_host_rsa_key.pubfile contained only one key.
