刚刚创建了一个小型的bash脚本,该脚本将为服务器和算法中的服务器(根据/etc/ssh/sshd_config
)打印所有带有指纹的指纹表。这是示例输出:SSH-256
MD5
+---------+---------+-----------------------------------------------------+
| Cipher | Algo | Fingerprint |
+---------+---------+-----------------------------------------------------+
| RSA | MD5 | MD5:15:66:80:fd:79:d8:c0:92:e8:39:4a:bc:4e:c4:00:15 |
| RSA | SHA-256 | SHA256:G+rKuLGk+8Z1oxUV3cox0baNsH0qGQWm/saWPr4qZMM |
+---------+---------+-----------------------------------------------------+
| ECDSA | MD5 | MD5:f5:90:5c:03:2e:38:1b:c9:86:bd:86:47:5d:22:79:17 |
| ECDSA | SHA-256 | SHA256:GGmuOzsG4EGeRV9KD1WK7tRf3nIc40k/5jRgbTZDpTo |
+---------+---------+-----------------------------------------------------+
| ED25519 | MD5 | MD5:d1:5a:04:56:37:f4:75:19:22:e6:e5:d7:41:fd:79:fa |
| ED25519 | SHA-256 | SHA256:QVdqYeVzvsP4n5yjuN3D2fu8hDhskOxQCQAV5f9QK7w |
+---------+---------+-----------------------------------------------------+
+---[RSA 2048]----+ +---[RSA 2048]----+ +---[ECDSA 256]---+ +---[ECDSA 256]---+ +--[ED25519 256]--+ +--[ED25519 256]--+
|.oE. +.++ | | .o+= | | ... Eoo | | .. o.o.. .| | ooo++o.+*| | .o++o. +oo |
| . o +oo. | | .o= = | | +.=.=.o . | | . .o *.. ..| | . oo.+o.o=| | ...o.+ |
| + . . o.= | | ... X + | | . X.o.* | |o o ++o .. | | . o. ...+| | ..oo.o . |
| = + .+ o | | .. = + o | | + = o o | |.+ .o.o .o | | + ..o| | =oo .+ |
| o o .S . | | . .S o o | | . = S . | |... oo.S .E* * | | S ..| | .SO . . |
| + | | . E. =o.. | | o | | .. o. . o *.O o| | . | | o B .o.. |
| o | | .o. *.o. *. | | | | ... . o * * | | . | | E *..=.o|
| . | | oo=... +. | | | | +. o + o| | E| | . +.+B+|
| | |o+=.o....o+o | | | | .o+ . | | | | o.ooOX|
+------[MD5]------+ +----[SHA256]-----+ +------[MD5]------+ +----[SHA256]-----+ +------[MD5]------+ +----[SHA256]-----+
脚本还将在SSH
以下版本的服务器上运行6.8
(-E md5
添加选项之前)。
编辑:SSH的最新版本的更新版本,现在使用ASCII图像支持切换了默认密码。
#!/bin/bash
# server_ssh_fingerprints
#
# Version 0.2
#
# 2016 Kepi <kepi@igloonet.cz
# MIT License
#
# Print fingerprint matrix for all allowed Host Keys
# with all allowed ciphers and MD5 and SHA-256 algos
#
# Changelog:
#
# 2018-03-11 (0.2):
# - Support for newer versions of OpenSSH
# - Added visual keys for all algos too - only in recent OpenSSH versions
# standard sshd config path
SSHD_CONFIG=/etc/ssh/sshd_config
# helper functions
function tablize {
awk '{printf(" | %-7s | %-7s | %-51s |\n", $1, $2, $3)}'
}
LINE=" +---------+---------+-----------------------------------------------------+"
# header
echo "$LINE"
echo "Cipher" "Algo" "Fingerprint" | tablize
echo "$LINE"
declare -A ALGOS
declare -a ASCII
# fingerprints
while read -r host_key; do
cipher=$(echo "$host_key" | sed -r 's/^.*ssh_host_([^_]+)_key\.pub$/\1/'| tr 'a-z' 'A-Z')
if [[ -f "$host_key" ]]; then
if ssh-keygen -E md5 -l -f "$host_key" &>/dev/null; then
IFS=$'\n'
for algo in md5 sha256; do
n=0
for line in $(ssh-keygen -E $algo -lv -f "$host_key"); do
n=$(( n + 1))
if [[ $n -eq 1 ]]; then
ALGOS[$algo]=$(echo "$line" | awk '{print $2}')
else
ASCII[$n]="${ASCII[$n]} ${line}"
fi
done
done
else
ALGOS[md5]=$(ssh-keygen -l -f "$host_key" | awk '{print $2}')
ALGOS[sha256]=$(awk '{print $2}' "$host_key" | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64)
fi
echo "$cipher" MD5 "${ALGOS[md5]}" | tablize
echo "$cipher" SHA-256 "${ALGOS[sha256]}" | tablize
echo "$LINE"
fi
done < <(awk '/^HostKey/ {sub(/^HostKey\s+/,"");print $0".pub"};' $SSHD_CONFIG)
echo
for line in "${ASCII[@]}"; do
echo "$line"
done
使用来自JonnyJD
答案的信息,这只是漂亮的印刷品。谢谢。