Skip to content

Instantly share code, notes, and snippets.

@zygiss

zygiss/sshfp_gen.sh

Created May 7, 2016 03:41
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save zygiss/b6caf37d4d8553b0d26b5b44c997df0a to your computer and use it in GitHub Desktop.
Save zygiss/b6caf37d4d8553b0d26b5b44c997df0a to your computer and use it in GitHub Desktop.
Download ZIP
Quick script to prepare SSHFP DNS records on a host
Raw
sshfp_gen.sh
#!/bin/sh
# https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml
set_sha() {
if [ "`uname -s`" = "Linux" ]; then
sha="sha${fp_algo}sum"
else
sha="sha${fp_algo}"
fi
}
gen_fp() {
pk_algo=$1
fp_algo=$2
case $pk_algo in
"rsa") pk_value=1 ;;
"ecdsa") pk_value=3 ;;
"ed25519") pk_value=4 ;;
esac
case $fp_algo in
1) fp_value=1 ;;
256) fp_value=2 ;;
esac
file="/etc/ssh/ssh_host_${pk_algo}_key.pub"
echo -n "SSHFP $pk_value $fp_value "
set_sha
awk '{ print $2 }' $file | openssl base64 -d -A | $sha | tr '[:lower:]' '[:upper:]' | awk '{ print $1 }'
}
for pk_algo in rsa ecdsa ed25519 ; do
for fp_algo in 1 256 ; do
gen_fp $pk_algo $fp_algo
done
done
@zygiss
Copy link
Author

zygiss commented May 7, 2016
edited 

% ./sshfp_gen.sh
SSHFP 1 1 D10F1CC9E07D171F8B0B55199A9E3C0D0C822947
SSHFP 1 2 BBDC17DBB63EE907FEA0186A60C7B7CA734F74D92D9859511D954CF40ED70464
SSHFP 3 1 C41BED2EF5FFB70C63B7C3E4177FE3B664919A4D
SSHFP 3 2 952467625840FB4B3EB425CAB57D7B2B7E8CD03F4184884C7D0DF68015B25671
SSHFP 4 1 C1959C036FB22C22E745A2DFD6845613C4F623CB
SSHFP 4 2 5EEFABA44BDB36FEA1DA3C1F68B969F5C717ECE25A09959CD304C50C8B8E53A4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment