Script that calculates digest of SSH host keys (different algorithms, output in HEX and Base64) and generates SSHFP DNS entries
#!/bin/bash
# available as gist at https://gist.github.com/pirafrank/df40b2b082b91ed79036b328a3f010da

# Digests computed for every key. Only sha1 and sha256 have an SSHFP
# fingerprint type; md5 is printed as a plain fingerprint.
algolist='sha256 sha1 md5'

# Running SSHFP key-algorithm number; the main loop bumps it once per entry
# of keylist before using it.
SSHFP=0

# Host public keys, space separated. The order is significant: the position
# in this list is used as the SSHFP algorithm number, so do not reorder.
keylist='/etc/ssh/ssh_host_rsa_key.pub'        # SSHFP algorithm 1 (RSA)
keylist+=' /etc/ssh/ssh_host_dsa_key.pub'      # SSHFP algorithm 2 (DSA)
keylist+=' /etc/ssh/ssh_host_ecdsa_key.pub'    # SSHFP algorithm 3 (ECDSA)
keylist+=' /etc/ssh/ssh_host_ed25519_key.pub'  # SSHFP algorithm 4 (Ed25519)
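# Convert stdin to upper case and write it to stdout.
# The character classes are quoted: unquoted, the shell treats [:lower:] and
# [:upper:] as glob bracket expressions and replaces them with any matching
# single-character file name in the current directory (e.g. a file named "l"),
# which silently corrupts the labels printed by the report.
function uppercase {
  tr '[:lower:]' '[:upper:]'
}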
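# Print the hex digest of the raw key blob stored in an OpenSSH public key file.
# Arguments: $1 - digest name; the tool "${1}sum" is run (sha256, sha1, md5, ...)
#            $2 - path to a public key file ("<type> <base64 blob> [comment]")
# Outputs:   hex digest on stdout
# Returns:   1 if the digest name is not purely alphanumeric, otherwise the
#            status of the pipeline
function hashit {
  local algo=$1 keyfile=$2
  # The digest name becomes part of a command name, so only a plain
  # alphanumeric token is accepted; anything else is rejected up front.
  if [[ ! $algo =~ ^[A-Za-z0-9]+$ ]]; then
    printf 'hashit: invalid digest name: %s\n' "$algo" >&2
    return 1
  fi
  # compose command name
  local cmd="${algo}sum"
  # Run the tool directly instead of through eval, so the name is never
  # re-parsed by the shell. The key file is read via redirection, which keeps
  # paths with spaces intact and stops awk from treating the path as an
  # option or a var=value assignment.
  awk '{print $2}' < "$keyfile" | base64 -d | "$cmd" -b | awk '{print $1}'
}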
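# Report: for every host key that exists, print each digest in hex and Base64
# and, for sha1/sha256, the matching SSHFP resource record.
#
# NOTE(review): SSHFP records only authenticate a host key when the zone is
# DNSSEC-signed and the client validates the answer (see VerifyHostKeyDNS in
# ssh_config); on an unsigned zone they are a hint, not a trust anchor.
# NOTE(review): `hostname` may return a short name; the record owner must be
# the name clients actually connect to, so check it before publishing.

# Resolve the host name once and always pass it to printf as data (%s), so a
# '%' or backslash in it is never interpreted as a format directive.
host=$(hostname)

printf "\n\nPrinting SSH host key fingerprints and SSHFP DNS entries\n\n"
printf "\nHostname: %s\n" "$host"

# Word splitting of $keylist and $algolist is intentional: both are
# space-separated lists.
for keyfile in $keylist; do
  # Advance for missing key files too, so the number stays tied to the key
  # type's position in keylist.
  SSHFP=$((SSHFP + 1))
  [ -f "$keyfile" ] || continue

  printf '\n %s\n' "$keyfile"
  for algo in $algolist; do
    HEXHASH=$(hashit "$algo" "$keyfile")
    # An empty digest (tool missing, unreadable key) would otherwise produce
    # an SSHFP record with no fingerprint; skip it and say so.
    if [ -z "$HEXHASH" ]; then
      printf 'warning: no %s digest for %s, skipping\n' "$algo" "$keyfile" >&2
      continue
    fi
    BASE64HASH=$(printf '%s' "$HEXHASH" | xxd -r -p | base64)
    label=$(printf '%s' "${algo}sum" | uppercase)

    printf " %-6s -- %-6s -- %s\n" "$label" "HEX" "$HEXHASH"
    printf " %-6s -- %-6s -- %s\n" "$label" "BASE64" "$BASE64HASH"
    printf "\n"

    # SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256. SHA-1 is kept for
    # older resolvers and clients; prefer publishing the type 2 record.
    case "$algo" in
      sha1)
        printf ' %s IN SSHFP %s 1 %s\n' "$host" "$SSHFP" "$HEXHASH"
        ;;
      sha256)
        printf ' %s IN SSHFP %s 2 %s\n' "$host" "$SSHFP" "$HEXHASH"
        ;;
    esac
    printf "\n\n"
  done
done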