kb:sshfp.sh
SSHFP (fingerprint) DNS record generator
- sshfp.sh
#!/bin/bash # ruza <ruza@ruza.eu> # May 2012 # generates sshfp for Bind PLATFORM="$(/bin/uname)" case ${PLATFORM} in AIX) FQDN="$(hostname)" DOMAIN="$(namerslv -s | grep domain | awk '{ print $2 }')" FQDN="${FQDN}.${DOMAIN}" ;; Linux) FQDN="$(hostname -f)" ;; esac # https://tools.ietf.org/html/rfc4255 (SSHFP) # https://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-sha2-07 cipher[1]='rsa' cipher[2]='dsa' cipher[3]='ecdsa' hashalg[1]='sha1' hashalg[2]='sha256' cd /etc/ssh/ for (( i_hash = 1 ; i_hash <= ${#hashalg[@]} ; i_hash++ ));do for (( i_ciph = 1 ; i_ciph <= ${#cipher[@]} ; i_ciph++ ));do # no sshd host key of this type, skip it test -f ssh_host_${cipher[$i_ciph]}_key.pub || continue # dns comment line echo "; ${cipher[$i_ciph]} key hashed by ${hashalg[$i_hash]}" # generates hash HASH="$(awk '{print $2}' ssh_host_${cipher[$i_ciph]}_key.pub | openssl base64 -d -A | openssl ${hashalg[$i_hash]}|awk '{print $2}')" # sshfp line format echo "${FQDN}. IN SSHFP ${i_ciph} ${i_hash} ${HASH}" done done cd - 1>/dev/null
kb/sshfp.sh.txt · Last modified: 2014/09/17 09:39 by ruza