[Bug 3226] Feature request: Prempt fingerprint prompt when connecting to new server
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Oct 31 03:22:14 AEDT 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3226
Jakub Jelen <jjelen at redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jjelen at redhat.com
--- Comment #2 from Jakub Jelen <jjelen at redhat.com> ---
(In reply to bugzilla.mindrot.org from comment #0)
> Workarounds involving ssh-keyscan, base64 (decode), hashing, base64
> (encode), fingerprint string construction, validation and writing to
> known_hosts are effective, but cumbersome.
This sounds too complicated. Running just ssh-keyscan and ssh-keygen
should give you all you need, the key for known_hosts and fingerprint:
$ ssh-keyscan github.com | tee /tmp/github.pub
github.com ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
$ ssh-keygen -lf /tmp/github.pub
2048 SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8 github.com
(RSA)
If you need also hash your hosts in known_hosts (for whatever obscure
reason), ssh-keygen has a switch to do that too:
$ ssh-keygen -Hf ~/.ssh/known_hosts
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list