how is the sha fingerprint generated?
Damien Miller
djm at mindrot.org
Wed Jul 1 14:03:42 AEST 2015
On Tue, 30 Jun 2015, shawn wilson wrote:
> % cat ext_rsa.pub| sed -r 's/.*(AAAA[^ ]+).*/\1/' | sha256sum
>
> ~/.ssh swlap1
> d4bf8b06f2d9d9af7a11583a5367205ed310a84f0dee68d062e2ddca1e85c3ff -
> % ssh-keygen -lf ext_rsa.pub
>
> ~/.ssh swlap1
> 8192 SHA256:FgrfxmdjTM/j4wwRa7nVdPSUaJdqHYMJtJ6aciPl9ug swilson at swlap1 (RSA)
>
> Why do those differ and how would i generate the equivalent (mainly
> just curious)? I've also tried base64 and a few other substitutions at
> the end and I can't get them to match (probably would save time to
> just look at the code, but...).
it's a hash over the decoded contents of the second field of the
public key line. In python:
import base64
import hashlib
keytext=open("/tmp/r.pub").read()
keydata=keytext.split()[1]
decoded=base64.b64decode(keydata)
rawhash=hashlib.sha256(decoded).digest()
texthash=base64.b64encode(rawhash)
print texthash
More information about the openssh-unix-dev
mailing list