summarise ssh public key fingerprints incl. sha256

ssh_fingerprints

#!/usr/bin/env perl

use strict;
use warnings;

opendir my $etcssh, '/etc/ssh';

while (my $file = readdir $etcssh) {
    next unless ($file =~ /\.pub$/);

    open my $skg, '-|', "ssh-keygen -l -f /etc/ssh/$file"
        or die "pipe from ssh-keygen: $!";

    # Can't be bothered to turn it into pure perl just now.
    # SHA256 command line from http://superuser.com/a/929567
    my $cmd = q{awk '{print $2}' } . "/etc/ssh/$file"
        . q{ | base64 -d | sha256sum -b}
        . q{ | awk '{print $1}' | xxd -r -p | base64};

    my $sha256 = 'SHA256:' . `$cmd`;
    chomp($sha256);
    
    # Remove trailing '='.
    $sha256 =~ s/=+$//;

    # 256 39:b8:b0:c3:62:54:7a:70:ae:32:5f:b3:eb:d1:37:a3 /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
    while (<$skg>) {
        my $line = $_;

        if ($line =~ /^\s*(\d+)\s+([a-f0-9:]+)\s+\S+\s\((\w+)\)$/) {
            printf "%4u %s %s %s\n", $1, $2, $sha256, $3;
        } else {
            die "Unexpected output from ssh-keygen: $line";
        }
    }

    close($skg) or warn "close: $!";
}

=pod
$ ~/bin/ssh_fingerprints
 256 39:b8:b0:c3:62:54:7a:70:ae:32:5f:b3:eb:d1:37:a3 SHA256:OgL4oAynSfr6ZI2YviQhVWgHQqjEfvOC3BiZPEVPEtc= ECDSA
 256 25:b8:0d:b7:90:c9:70:fe:3f:d4:de:e0:56:e6:20:cb SHA256:cvznoHNYKt63em3+Wdio+AfgHdh4lZijiHfmtVYIfGg= ED25519
1024 05:4a:f3:31:bc:e5:b7:6e:38:42:f5:ad:60:c5:d0:82 SHA256:WkFTOcOpVOiUdjsY56RRes9dkvfkTW9HB5mGDmN7Vhc= DSA
2048 00:f4:2c:dc:8a:07:25:8d:82:48:b9:d9:ff:7e:93:30 SHA256:JHSnFX9nq/BqlgmnzVu09d5wYok20No0iHfH/XYzuF4= RSA
=cut