SSHFP (fingerprint) DNS record generator
- sshfp.sh
#!/bin/bash
# ruza <ruza@ruza.eu>
# May 2012
# generates sshfp for Bind
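# SSHFP record layout (RFC 4255, RFC 6594 for ECDSA, RFC 7479 for Ed25519):
#   <fqdn>. IN SSHFP <algorithm> <fp-type> <hex fingerprint>
# algorithm: 1 rsa, 2 dsa, 3 ecdsa, 4 ed25519   fp-type: 1 sha1, 2 sha256
# Clients only trust SSHFP when the zone is DNSSEC-signed; this script
# only prints the records, signing the zone is a separate step.
# fp-type 1 (sha1) is kept for old resolvers; sha256 is the one to rely on.
set -uo pipefail
readonly KEY_DIR=/etc/ssh

#######################################
# Resolve this host's FQDN for the current platform.
# Outputs:   FQDN on stdout
# Returns:   0 on success, 1 on an unsupported platform
#######################################
host_fqdn() {
  local platform domain
  platform="$(/bin/uname)"
  case "${platform}" in
    AIX)
      # AIX hostname is unqualified; the domain comes from the resolver config
      domain="$(namerslv -s | grep domain | awk '{ print $2 }')"
      printf '%s.%s\n' "$(hostname)" "${domain}"
      ;;
    Linux)
      hostname -f
      ;;
    *)
      printf 'unsupported platform: %s\n' "${platform}" >&2
      return 1
      ;;
  esac
}

#######################################
# Hex fingerprint of an OpenSSH public key file, as used in an SSHFP RDATA.
# Arguments: $1 - path to an ssh_host_*_key.pub file
#            $2 - openssl digest name (sha1 or sha256)
# Outputs:   lowercase hex digest on stdout
# Returns:   non-zero if any stage of the pipeline fails (pipefail)
#######################################
sshfp_hash() {
  local pub=$1 alg=$2
  # field 2 of the .pub line is the base64 key blob; SSHFP hashes the decoded blob
  awk '{print $2}' "${pub}" \
    | openssl base64 -d -A \
    | openssl "${alg}" \
    | awk '{print $NF}'
}

#######################################
# Print one SSHFP record (with a comment line) per host key / digest pair.
# Globals:   KEY_DIR (read)
# Outputs:   Bind zone-file lines on stdout, diagnostics on stderr
# Returns:   1 if the FQDN cannot be determined
#######################################
main() {
  local fqdn
  fqdn="$(host_fqdn)" || exit 1
  # an empty owner name would silently produce ". IN SSHFP ..." records
  [[ -n "${fqdn}" ]] || { printf 'could not determine FQDN\n' >&2; exit 1; }

  # indices are the IANA algorithm / fp-type numbers, so they start at 1
  local -a cipher hashalg
  cipher[1]='rsa'
  cipher[2]='dsa'
  cipher[3]='ecdsa'
  cipher[4]='ed25519'
  hashalg[1]='sha1'
  hashalg[2]='sha256'

  local i_hash i_ciph pub hash
  for i_hash in "${!hashalg[@]}"; do
    for i_ciph in "${!cipher[@]}"; do
      pub="${KEY_DIR}/ssh_host_${cipher[$i_ciph]}_key.pub"
      # no sshd host key of this type, skip it
      [[ -f "${pub}" ]] || continue
      if ! hash="$(sshfp_hash "${pub}" "${hashalg[$i_hash]}")" || [[ -z "${hash}" ]]; then
        printf 'skipping %s: could not compute %s fingerprint\n' "${pub}" "${hashalg[$i_hash]}" >&2
        continue
      fi
      # dns comment line, then the record itself
      printf '%s\n' "; ${cipher[$i_ciph]} key hashed by ${hashalg[$i_hash]}"
      printf '%s\n' "${fqdn}. IN SSHFP ${i_ciph} ${i_hash} ${hash}"
    done
  done
}
main "$@"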