[Bug 3226] Feature request: Prempt fingerprint prompt when connecting to new server

bugzilla-daemon at mindrot.org
Sat Oct 31 03:22:14 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3226

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjelen at redhat.com

--- Comment #2 from Jakub Jelen <jjelen at redhat.com> ---
(In reply to bugzilla.mindrot.org from comment #0)
> Workarounds involving ssh-keyscan, base64 (decode), hashing, base64
> (encode), fingerprint string construction, validation and writing to
> known_hosts are effective, but cumbersome.

This sounds too complicated. Running just ssh-keyscan and ssh-keygen
should give you all you need, the key for known_hosts and fingerprint:

$ ssh-keyscan github.com | tee /tmp/github.pub
github.com ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
$ ssh-keygen -lf /tmp/github.pub
2048 SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8 github.com (RSA)

If you also need to hash your hosts in known_hosts (for whatever obscure
reason), ssh-keygen has a switch to do that too:

$ ssh-keygen -Hf ~/.ssh/known_hosts

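Added example (not part of the bug comment or of OpenSSH): a Python sketch of what the ssh-keyscan plus ssh-keygen -lf steps compute, with the known_hosts write gated on a fingerprint obtained out of band. The function names, the host name host.example and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def fingerprint(keyscan_line):
    """Return (key_type, 'SHA256:...') for one 'host keytype base64' line."""
    _host, key_type, b64 = keyscan_line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed key type string; it must agree
    # with the key type written in the text field of the line.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type in blob does not match declared type")
    # SHA256 fingerprint: SHA-256 over the decoded blob, base64 without padding.
    digest = hashlib.sha256(blob).digest()
    return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pin_if_trusted(keyscan_line, expected_fp, known_hosts_path):
    """Append the line to known_hosts only if its fingerprint is the expected one."""
    _, fp = fingerprint(keyscan_line)
    if fp != expected_fp:
        return False  # scanned key is not the one we were told to expect
    with open(known_hosts_path, "a") as fh:
        fh.write(keyscan_line.strip() + "\n")
    return True


def make_sample_line(host="host.example", fill=b"\x01"):
    """Constructed ed25519-shaped key line for the demo; not a real host key."""
    key_type = b"ssh-ed25519"
    blob = (struct.pack(">I", len(key_type)) + key_type
            + struct.pack(">I", 32) + fill * 32)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    line = make_sample_line()
    print(fingerprint(line))
```

The expected fingerprint has to come from a channel other than the scan itself; comparing a scanned key against a fingerprint derived from the same scan verifies nothing.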