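# Print the SSHFP resource records for this machine's host keys.
# Replace "hostname" with the fully qualified name that clients use to reach
# the server; the record owner name must match it for the lookup to succeed.
# The page's listing appeared twice, joined by a stray "|"; each command is
# meant to run on its own.
ssh-keygen -f /etc/ssh/ssh_host_rsa_key.pub -r hostname
# DSA host keys are deprecated in current OpenSSH. If the server also has
# ssh_host_ecdsa_key.pub or ssh_host_ed25519_key.pub, run the same command for
# those files, otherwise clients that negotiate those key types find no
# matching record.
ssh-keygen -f /etc/ssh/ssh_host_dsa_key.pub -r hostname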
You can add the output to your DNS zone.
To convert it to tinydns/djbdns style:
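# Convert "host IN SSHFP alg fptype hexfingerprint" lines into tinydns generic
# records (":fqdn:44:rdata:", 44 being the SSHFP record type), with every rdata
# byte written as a backslash-octal escape.
# Replace "hostname" with the fully qualified name clients connect to.
ssh-keygen -f /etc/ssh/ssh_host_rsa_key.pub -r hostname | perl -e '
while (my $line = <STDIN>) {
    my ($host, $in, $sshfp, $alg, $fptype, $fp) = split " ", $line;
    # Only well-formed lines may reach the zone data: numeric algorithm and
    # fingerprint type, and an even-length hex fingerprint. Everything else
    # (blank lines, error text) is skipped instead of producing a bogus record.
    next unless defined $fp
        && $alg    =~ /\A[0-9]+\z/
        && $fptype =~ /\A[0-9]+\z/
        && $fp     =~ /\A(?:[0-9A-Fa-f]{2})+\z/;
    printf(":%s:44:\\%03o\\%03o", $host, $alg, $fptype);
    # One octal escape per fingerprint byte (two hex digits).
    printf("\\%03o", hex $_) for $fp =~ /../g;
    print ":\n";
}'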
All-in-one script
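# Emit tinydns SSHFP records for every host key present on this machine.
# The glob covers RSA and DSA as before, plus ECDSA and Ed25519 keys where they
# exist, so the published records match whatever key type the server offers.
# If "hostname" prints a short name, substitute the fully qualified name that
# clients actually connect to.
for key in /etc/ssh/ssh_host_*_key.pub; do
    # The -e test also skips the unexpanded pattern when no key file matches.
    [ -e "$key" ] && ssh-keygen -f "$key" -r "$(hostname)"
done | perl -e '
while (my $line = <STDIN>) {
    my ($host, $in, $sshfp, $alg, $fptype, $fp) = split " ", $line;
    # Skip anything that is not a well-formed record line: numeric algorithm
    # and fingerprint type, even-length hex fingerprint.
    next unless defined $fp
        && $alg    =~ /\A[0-9]+\z/
        && $fptype =~ /\A[0-9]+\z/
        && $fp     =~ /\A(?:[0-9A-Fa-f]{2})+\z/;
    # tinydns generic record: ":fqdn:44:rdata:" with rdata bytes as octal escapes.
    printf(":%s:44:\\%03o\\%03o", $host, $alg, $fptype);
    printf("\\%03o", hex $_) for $fp =~ /../g;
    print ":\n";
}'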
You can also generate SSHFP records from your known_hosts file, using the sshfp command. This tool is included in Fedora, although you may need to run `yum install sshfp` to install it first. Then you can run `sshfp -a`:
Or combined with the perl script:
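# Turn the SSHFP records that sshfp derives from known_hosts into tinydns
# generic records. The fingerprints are only as trustworthy as the known_hosts
# entries they come from, so check those keys against the servers themselves
# before publishing the result.
sshfp -a | perl -e '
while (my $line = <STDIN>) {
    my ($host, $in, $sshfp, $alg, $fptype, $fp) = split " ", $line;
    # Skip anything that is not a well-formed record line: numeric algorithm
    # and fingerprint type, even-length hex fingerprint.
    next unless defined $fp
        && $alg    =~ /\A[0-9]+\z/
        && $fptype =~ /\A[0-9]+\z/
        && $fp     =~ /\A(?:[0-9A-Fa-f]{2})+\z/;
    # tinydns generic record: ":fqdn:44:rdata:" with rdata bytes as octal escapes.
    printf(":%s:44:\\%03o\\%03o", $host, $alg, $fptype);
    printf("\\%03o", hex $_) for $fp =~ /../g;
    print ":\n";
}'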
Client configuration
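SSHFP records are useless if your client simply ignores them. Add the following line to /etc/ssh/ssh_config so that ssh looks them up. Note that ssh only trusts a matching fingerprint automatically when the DNS answer is DNSSEC-validated; for an unsigned answer it still asks you to confirm the host key: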
VerifyHostKeyDNS yes
Python
When Perl is not available, you can use this Python script instead:
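# Emit tinydns SSHFP records for every host key present on this machine,
# using Python for the conversion. The glob covers RSA and DSA as before, plus
# ECDSA and Ed25519 keys where they exist.
# If "hostname" prints a short name, substitute the fully qualified name that
# clients actually connect to.
for key in /etc/ssh/ssh_host_*_key.pub; do
    # The -e test also skips the unexpanded pattern when no key file matches.
    [ -e "$key" ] && ssh-keygen -f "$key" -r "$(hostname)"
done | python -c '
import re
import sys

# Runs unchanged on Python 2 and 3: the byte loop steps through the hex string
# two characters at a time rather than dividing its length, which produced a
# float (and a TypeError in range) on Python 3.
for line in sys.stdin:
    pat = line.split()
    # Skip anything that is not a well-formed record line: numeric algorithm
    # and fingerprint type, even-length hex fingerprint.
    if len(pat) < 6:
        continue
    if not (pat[3].isdigit() and pat[4].isdigit()):
        continue
    if not re.match(r"(?:[0-9A-Fa-f]{2})+\Z", pat[5]):
        continue
    # tinydns generic record: ":fqdn:44:rdata:" with rdata bytes as octal escapes.
    sys.stdout.write(":%s:44:\\%03o\\%03o" % (pat[0], int(pat[3]), int(pat[4])))
    for i in range(0, len(pat[5]), 2):
        sys.stdout.write("\\%03o" % int(pat[5][i:i + 2], 16))
    sys.stdout.write(":\n")
'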
Awk
And finally an awk version:
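# Emit tinydns SSHFP records for every host key present on this machine,
# using awk for the conversion. The glob covers RSA and DSA as before, plus
# ECDSA and Ed25519 keys where they exist.
# If "hostname" prints a short name, substitute the fully qualified name that
# clients actually connect to.
for key in /etc/ssh/ssh_host_*_key.pub; do
    # The -e test also skips the unexpanded pattern when no key file matches.
    [ -e "$key" ] && ssh-keygen -f "$key" -r "$(hostname)"
done | awk '
# Value of a two-digit hex string. Written out by hand because strtonum() is a
# gawk extension and is missing from other awk implementations.
function hexbyte(s,    hi, lo) {
    s = tolower(s)
    hi = index("0123456789abcdef", substr(s, 1, 1)) - 1
    lo = index("0123456789abcdef", substr(s, 2, 1)) - 1
    return hi * 16 + lo
}
# Only well-formed record lines are converted: numeric algorithm and
# fingerprint type, even-length hex fingerprint.
NF >= 6 && $4 ~ /^[0-9]+$/ && $5 ~ /^[0-9]+$/ && $6 ~ /^[0-9A-Fa-f]+$/ && length($6) % 2 == 0 {
    # The host name is passed as an argument, never as part of the format
    # string, so a "%" in the input cannot be read as a conversion.
    printf ":%s:44:\\%03o\\%03o", $1, $4, $5
    for (i = 1; i <= length($6); i += 2)
        printf "\\%03o", hexbyte(substr($6, i, 2))
    print ":"
}'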
© GeekLabInfo How to generate SSH Fingerprint DNS records is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info (1 votes, average: 5.00 out of 5)