Calculate RSA key fingerprint

后端 未结 14 1460
别那么骄傲
别那么骄傲 2020-11-28 16:55

I need to do the SSH key audit for GitHub, but I am not sure how do find my RSA key fingerprint. I originally followed a guide to generate an SSH key on Linux.

What

相关标签:
14条回答
  • 2020-11-28 17:23

    Sometimes you can have a bunch of keys in your ~/.ssh directory, and don't know which matches the fingerprint shown by GitHub/Gitlab/etc.

    Here's how to show the key filenames and MD5 fingerprints of all the keys in your ~/.ssh directory:

    cd ~/.ssh
    find . -type f -exec printf "\n{}\n" \; -exec ssh-keygen -E md5 -lf {} \;
    

    (For what the parameters mean, refer to this answer about the find command.

    Note that the private/public files that belong to one key have the same fingerprint, so you'll see duplicates.

    0 讨论(0)
  • 2020-11-28 17:24

    Google Compute Engine shows the SSH host key fingerprint in the serial output of a Linux instance. The API can get that data from GCE, and there is no need to log in to the instance.

    I didn't find it anywhere else but from the serial output. I think the fingerprint should be in some more programmer-friendly place.

    However, it seems that it depends on the type of an instance. I am using instances of Debian 7 (Wheezy) f1-micro.

    0 讨论(0)
  • 2020-11-28 17:27

    This is the shell function I use to get my SSH key finger print for creating DigitalOcean droplets:

    fingerprint() {
        pubkeypath="$1"
        ssh-keygen -E md5 -lf "$pubkeypath" | awk '{ print $2 }' | cut -c 5-
    }
    

    Put it in your ~/.bashrc, source it, and then you can get the finger print as so:

    $ fingerprint ~/.ssh/id_rsa.pub
    d2:47:0a:87:30:a0:c0:df:6b:42:19:55:b4:f3:09:b9
    
    0 讨论(0)
  • 2020-11-28 17:33

    The newer SSH commands will list fingerprints as a SHA256 Key.

    For example:

    ssh-keygen -lf ~/.ssh/id_dsa.pub 
    1024 SHA256:19n6fkdz0qqmowiBy6XEaA87EuG/jgWUr44ZSBhJl6Y (DSA)
    

    If you need to compare it against an old fingerprint you also need to specify to use the MD5 fingerprint hashing function.

    ssh-keygen -E md5 -lf ~/.ssh/id_dsa.pub
    2048 MD5:4d:5b:97:19:8c:fe:06:f0:29:e7:f5:96:77:cb:3c:71 (DSA)
    

    Also available: -E sha1

    Update... YES...yes... I know... DSA keys for SSH should no longer be used, the older RSA key or newer ecliptic keys should be used instead.

    To those 'admins' that keep editing the command I used in the above. STOP CHANGING IT! You make the command and resulting output mis-match!

    0 讨论(0)
  • 2020-11-28 17:33

    To see your key on Ubuntu, just enter the following command on your terminal:

    ssh-add -l

    You will get an output like this: 2568 0j:20:4b:88:a7:9t:wd:19:f0:d4:4y:9g:27:cf:97:23 yourName@ubuntu (RSA)

    If however you get an error like; Could not open a connection to your authentication agent.
    Then it means that ssh-agent is not running. You can start/run it with: ssh-agent bash (thanks to @Richard in the comments) and then re-run ssh-add -l

    0 讨论(0)
  • 2020-11-28 17:33

    Reproducing content from AWS forums here, because I found it useful to my use case - I wanted to check which of my keys matched ones I had imported into AWS

    openssl pkey -in ~/.ssh/ec2/primary.pem -pubout -outform DER | openssl md5 -c

    Where: - primary.pem is the private key to check

    0 讨论(0)
提交回复
热议问题