Is SFTP key fingerprint checking unnecessarily complicated? #1843

Open
denissceluiko opened this issue Dec 24, 2024 · 0 comments

Description

| Q | A |
| --- | --- |
| Flysystem Version | 3.29.1 |
| Adapter Name | sftp |
| Adapter version | 3.29.0 |

I wanted to fingerprint the server I'm connecting to, so I tried using the `fingerprint-string` option and feeding it the output of

```bash
ssh-keygen -l -E sha512 -f /etc/ssh/ssh_host_ed25519_key.pub
```

Sample output: `256 SHA512:[here lies a base64 encoded fingerprint] root@myserver(ED25519)`

Well, it didn't work, so Google I did and found this issue.
Tried MD5, didn't work. After some digging in `SftpConnectionProvider.php` I think I got the gist of it.

What did work?

```bash
ssh-keygen -l -E sha512 -f /etc/ssh/ssh_host_ed25519_key.pub | awk '{print $2}' | sed 's/SHA512://' | base64 -d | xxd -p -c 256 | sed 's/../&:/g' | sed 's/:$//'
```

Gave me a fingerprint that would not fail with `Reason: The authenticity of host example.com can't be established`.

Question

Am I missing something that would make extracting the fingerprint easier?

If not, should I make a PR that'd allow `fingerprint-string` to accept values like:

```php
'fingerprint-string' => 'b1:94:6a:c9:24:92:d2:34:7c:62:35:b4:d2:61:11:84' // Plain MD5
'fingerprint-string' => 'e7:c2:2b:99:4c:59:d9:cf:2b:48:e5:49:b1:e2:46:66:63:60:45:93:0d:3d:a7:c1:ac:b2:99:d1:c3:b7:f9:31:f9:4a:ae:41:ed:da:2c:2b:20:7a:36:e1:0f:8b:cb:8d:45:22:3e:54:87:8f:5b:31:6e:7c:e3:b6:bc:01:96:29' // Plain SHA512, current default for non ssh-rsa keys
'fingerprint-string' => 'MD5:b1:94:6a:c9:24:92:d2:34:7c:62:35:b4:d2:61:11:84' // Plain MD5 with a prefix
'fingerprint-string' => 'SHA256:WJG1tSLV3whtD/CxEPvZ0hu0/HFjrzTQgoai6Eb2vgM=' // Base64 encoded SHA256, within the output of ssh-keyscan example.com | ssh-keygen -lf -
'fingerprint-string' => 'SHA512:58IrmUxZ2c8rSOVJseJGZmNgRZMNPafBrLKZ0cO3+TH5Sq5B7dosKyB6NuEPi8uNRSI+VIePWzFufOO2vAGWKQ==' // Base64 encoded SHA512
```

I think that being able to plug in a fingerprint value given by `ssh-keyscan example.com | ssh-keygen -lf -` (mentioned in the first result of looking up 'how to get server ssh fingerprint') would make life a lot easier for people not deeply familiar with how fingerprinting works.
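
The conversion from the post above as a shell function, accepting the value formats listed there. This is an added example, not part of the original issue and not Flysystem code. The helper name `fp_to_hex` is hypothetical; beyond the original pipeline it restores the base64 padding that OpenSSH omits and rejects values whose decoded length does not match the digest.

```bash
# Added example, not Flysystem code; fp_to_hex is a hypothetical helper name.
# Turns an ssh-keygen style fingerprint into lowercase colon-separated hex.
fp_to_hex() {
    local fp="$1" algo body hex want
    # Accept a whole "ssh-keygen -l" output line: the fingerprint is field 2.
    case "$fp" in
        *' '*) fp=$(printf '%s\n' "$fp" | awk '{print $2}') ;;
    esac
    case "$fp" in
        MD5:*)
            # MD5 fingerprints are already colon-separated hex after the prefix.
            body=${fp#MD5:} ;;
        SHA256:*|SHA512:*)
            algo=${fp%%:*}
            body=${fp#*:}
            # OpenSSH prints the base64 without '=' padding; restore it so
            # that base64 -d accepts the value.
            body=${body%%=*}
            while [ $(( ${#body} % 4 )) -ne 0 ]; do body="$body="; done
            hex=$(printf '%s' "$body" | base64 -d 2>/dev/null |
                  od -An -v -tx1 | tr -dc '0-9a-f')
            # A decode error or truncated value shows up as a wrong length.
            case "$algo" in SHA256) want=64 ;; SHA512) want=128 ;; esac
            [ "${#hex}" -eq "$want" ] || return 1
            body=$(printf '%s' "$hex" | sed 's/../&:/g; s/:$//') ;;
        *)
            # No prefix: assume the value is already hex.
            body=$fp ;;
    esac
    body=$(printf '%s' "$body" | tr 'A-F' 'a-f')
    # Print only well-formed hex pairs; reject everything else.
    printf '%s\n' "$body" | grep -Eq '^[0-9a-f]{2}(:[0-9a-f]{2})*$' || return 1
    printf '%s\n' "$body"
}

# The SHA512 sample value from the issue, unpadded as ssh-keygen prints it.
fp_to_hex 'SHA512:58IrmUxZ2c8rSOVJseJGZmNgRZMNPafBrLKZ0cO3+TH5Sq5B7dosKyB6NuEPi8uNRSI+VIePWzFufOO2vAGWKQ'
```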
