janmojzis / tinyssh

TinySSH is small server (less than 100000 words of code)
Creative Commons Zero v1.0 Universal

FEATURE REQUEST: Display fingerprint on key creation #52

Open VA1DER opened 3 years ago

VA1DER commented 3 years ago

It would be nice if a key fingerprint was displayed at host key creation. As it stands now, there is no way to perform the initial fingerprint verification when you connect.

janmojzis commented 3 years ago

Hello, tinysshd-printkey prints the fingerprint. Example:

# tinysshd-makekey keydir
# tinysshd-printkey keydir
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHfU40DKe3EgstiZfl+Tss8ijkh2rj/yxSTdZCE+/GXK

VA1DER commented 3 years ago

No, tinysshd-printkey does not print the fingerprint. It prints the base64 representation of the public key. To get the fingerprint you have to redirect the output to a file, copy that file over to a machine that has OpenSSH, and then use ssh-keygen to display the fingerprint.

# tinysshd-printkey > textkeyfile

Then move textkeyfile to a machine that has OpenSSH, and then

# ssh-keygen -lf textkeyfile

Key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAfBnHfUz3xS8cAFho3Rcfo3gEia08Ge+7JIDVjN+bk
Fingerprint: 256 SHA256:skPLlpa08M2z4cs/7RUEnb3vcaTmCqjOj03kBjozh/M
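
The conversion described in the comment above can be done without OpenSSH, because the SHA256 fingerprint is the unpadded base64 of the SHA-256 digest of the decoded key blob. The following is an added example, not part of the original thread or of TinySSH; the function names `read_string` and `fingerprint` are hypothetical, it handles only `ssh-ed25519` lines, and the sample line is the key quoted in the comment.

```python
import base64
import hashlib
import struct
import sys

# Key line in tinysshd-printkey format, copied from the comment above.
SAMPLE_LINE = ("ssh-ed25519 "
               "AAAAC3NzaC1lZDI1NTE5AAAAIGAfBnHfUz3xS8cAFho3Rcfo3gEia08Ge+7JIDVjN+bk")


def read_string(blob, offset):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[offset + 4:end], end


def fingerprint(line):
    """Return (key_type, bits, 'SHA256:...') for a '<type> <base64>' key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob>'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, offset = read_string(blob, 0)
    # The type named inside the blob must agree with the text prefix.
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError("key type in blob does not match the line prefix")
    if key_type != "ssh-ed25519":
        raise ValueError("this example only handles ssh-ed25519")
    public_key, offset = read_string(blob, offset)
    if len(public_key) != 32 or offset != len(blob):
        raise ValueError("malformed ed25519 public key blob")
    digest = hashlib.sha256(blob).digest()
    # The digest is shown as base64 with the '=' padding removed.
    encoded = base64.b64encode(digest).decode("ascii").rstrip("=")
    return key_type, len(public_key) * 8, "SHA256:" + encoded


if __name__ == "__main__":
    # Pass the key line as arguments, or run with none to use the sample.
    kind, bits, fp = fingerprint(" ".join(sys.argv[1:]) or SAMPLE_LINE)
    print(bits, fp, "(%s)" % kind)
```

Compare the printed value with what the SSH client shows on first connection before accepting the host key.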

janmojzis commented 3 years ago

Of course tinysshd-printkey prints the public-key (sorry for the typo "s/fingerprint/public-key/").

But I think you don't need to convert the output to the SHA256 fingerprint and check the fingerprint. You can use the output directly, e.g. directly in the .ssh/known_hosts file.

# known_hosts entries are "<host> <keytype> <base64 key>"; the default port 22 takes no port suffix
echo "$(hostname) $(tinysshd-printkey /etc/tinyssh/sshkeydir)" >> .ssh/known_hosts