Differences

This shows you the differences between two versions of the page.

--- kb:sshfp.sh [2012/06/24 21:25] – pasky
+++ kb:sshfp.sh [2014/09/17 09:39] (current) – aix platform support ruza
@@ Line 1: / Line 1: @@
+===== SSHFP (fingerprint) DNS record generator =====
+<code bash sshfp.sh>
+#!/bin/bash
+# ruza <ruza@ruza.eu>
+# May 2012
+# generates sshfp for Bind
+PLATFORM="$(/bin/uname)"
+case ${PLATFORM} in
+  AIX)
+        FQDN="$(hostname)"
+        DOMAIN="$(namerslv -s | grep domain | awk '{ print $2 }')"
+        FQDN="${FQDN}.${DOMAIN}"
+        ;;
+  Linux)
+        FQDN="$(hostname -f)"
+        ;;
+esac
+# https://tools.ietf.org/html/rfc4255  (SSHFP)
+# https://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-sha2-07
+cipher[1]='rsa'
+cipher[2]='dsa'
+cipher[3]='ecdsa'
+hashalg[1]='sha1'
+hashalg[2]='sha256'
+cd /etc/ssh/
+for (( i_hash = 1 ; i_hash <= ${#hashalg[@]} ; i_hash++ ));do
+  for (( i_ciph = 1 ; i_ciph <= ${#cipher[@]} ; i_ciph++ ));do
+    # no sshd host key of this type, skip it
+    test -f ssh_host_${cipher[$i_ciph]}_key.pub || continue
+    # dns comment line
+    echo "; ${cipher[$i_ciph]} key hashed by ${hashalg[$i_hash]}"
+    # generates hash
+    HASH="$(awk '{print $2}' ssh_host_${cipher[$i_ciph]}_key.pub | openssl base64 -d -A | openssl ${hashalg[$i_hash]}|awk '{print $2}')"
+    # sshfp line format
+    echo "${FQDN}.      IN      SSHFP ${i_ciph} ${i_hash} ${HASH}"
+  done
+done
+cd - 1>/dev/null
+</code>