

SSHFP (fingerprint) DNS record generator

sshfp.sh
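#!/bin/bash
# ruza <ruza@ruza.eu>
# May 2012
# generates sshfp for Bind
#
# Usage: sshfp.sh [keydir]
#   keydir  directory holding the sshd public host keys
#           (ssh_host_<type>_key.pub); defaults to the current directory,
#           which is what the original script assumed.
#
# Output (stdout): for every host key present and every fingerprint type,
# a "; <type> key hashed by <alg>" zone-file comment followed by one
# SSHFP record in BIND zone-file syntax. Diagnostics go to stderr.
#
# https://tools.ietf.org/html/rfc4255  (SSHFP)
# https://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-sha2-07
#
# SSHFP records only protect against a spoofed host key when the zone is
# DNSSEC-signed and the client validates it (RFC 4255, Security
# Considerations); OpenSSH's VerifyHostKeyDNS ignores unvalidated answers.
# Re-run this script (and re-sign the zone) whenever a host key is rotated,
# otherwise the stale record will make clients fail verification.

set -u -o pipefail

# SSHFP "algorithm" field: the array index IS the IANA algorithm number,
# so the order below must not be changed.
cipher[1]='rsa'
cipher[2]='dsa'
cipher[3]='ecdsa'
cipher[4]='ed25519'   # RFC 7479

# SSHFP "fingerprint type" field: index == IANA fingerprint type number.
# SHA-1 is kept only for old resolvers/clients; SHA-256 (RFC 6594) is the
# one that should be relied on.
hashalg[1]='sha1'
hashalg[2]='sha256'

#######################################
# Prints the hex digest of the raw (base64-decoded) key blob of one
# OpenSSH public key file, which is what the SSHFP fingerprint covers.
# Arguments: $1 - path to ssh_host_<type>_key.pub
#            $2 - openssl digest name (sha1 | sha256)
# Outputs:   lowercase hex digest on stdout
# Returns:   non-zero if any stage of the pipeline fails (pipefail)
#######################################
key_fingerprint() {
  local keyfile=$1 alg=$2
  # field 2 of a .pub line is the base64 key blob; -A accepts it on one
  # line. The trailing awk takes the last field so both the
  # "SHA256(stdin)= <hex>" and the "(stdin)= <hex>" openssl output
  # formats are handled.
  awk '{print $2}' < "$keyfile" \
    | openssl base64 -d -A \
    | openssl "$alg" \
    | awk '{print $NF}'
}

#######################################
# Emits the SSHFP records for all host keys found in a directory.
# Globals:   cipher, hashalg (read)
# Arguments: $1 - owner name (FQDN without trailing dot)
#            $2 - directory containing ssh_host_<type>_key.pub files
# Outputs:   zone-file lines on stdout; skipped keys reported on stderr
# Returns:   0
#######################################
gen_sshfp() {
  local fqdn=$1 keydir=$2
  local i_hash i_ciph keyfile hash
  for (( i_hash = 1; i_hash <= ${#hashalg[@]}; i_hash++ )); do
    for (( i_ciph = 1; i_ciph <= ${#cipher[@]}; i_ciph++ )); do
      keyfile="${keydir}/ssh_host_${cipher[$i_ciph]}_key.pub"
      # no sshd host key of this type, skip it
      [[ -f "$keyfile" ]] || continue
      # a corrupt or empty key file must not produce a bogus record
      hash=$(key_fingerprint "$keyfile" "${hashalg[$i_hash]}") || hash=
      if [[ -z "$hash" ]]; then
        printf 'sshfp: cannot fingerprint %s, skipped\n' "$keyfile" >&2
        continue
      fi
      # dns comment line
      printf '; %s key hashed by %s\n' "${cipher[$i_ciph]}" "${hashalg[$i_hash]}"
      # sshfp line format: owner TTL-less IN SSHFP <algorithm> <fp-type> <fingerprint>
      printf '%s.      IN      SSHFP %d %d %s\n' "$fqdn" "$i_ciph" "$i_hash" "$hash"
    done
  done
  return 0
}

#######################################
# Entry point.
# Arguments: $1 - optional key directory (default: current directory)
# Returns:   1 if the FQDN cannot be determined, else gen_sshfp's status
#######################################
main() {
  local keydir=${1:-.}
  local fqdn
  if ! fqdn=$(hostname -f) || [[ -z "$fqdn" ]]; then
    printf 'sshfp: cannot determine FQDN (hostname -f)\n' >&2
    return 1
  fi
  gen_sshfp "$fqdn" "$keydir"
}

main "$@"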
 