Show sha256 ssh kost key hashes

Bob Mottram 2016-11-22 23:52:33 +00:00
parent 5cc61278d5
commit a64644181f
3 changed files with 13 additions and 4 deletions


@ -184,7 +184,9 @@ function restore_remote_vim {
} }
function remove_vim { function remove_vim {
apt-get -yq remove --purge vim # Don't remove vim because vim-common is needed for showing ssh host keys
# This may change with Debian Stretch
# apt-get -yq remove --purge vim
update-alternatives --set editor /usr/bin/nano update-alternatives --set editor /usr/bin/nano
sed -i '/install_vim/d' $COMPLETION_FILE sed -i '/install_vim/d' $COMPLETION_FILE
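Review bot: With the purge commented out, remove_vim still switches the editor alternative to nano and deletes the `install_vim` entry from `$COMPLETION_FILE`, so the recorded state says vim is gone while the package stays installed. A comment such as `# vim itself stays installed; only the default editor and the completion marker are reset` would make that explicit. The workaround itself is worth confirming: the dependency is presumably xxd from vim-common, which this commit also installs explicitly in configure_ssh, and purging `vim` alone would not normally remove an explicitly installed vim-common. The body of remove_vim continues past the end of this hunk.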


@ -724,7 +724,7 @@ function menu_security_settings {
case $(cat $data) in case $(cat $data) in
1) 1)
dialog --title $"SSH host public key" \ dialog --title $"SSH host public key" \
--msgbox "\n$(get_ssh_server_key)" 7 60 --msgbox "\n$(get_ssh_server_key)" 12 60
exit 0 exit 0
;; ;;
2) 2)
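Review bot: The message box is made taller but stays 60 columns wide, and the longest rows get_ssh_server_key now emits (`ED25519 Md5:` and `ED25519 SHA256:`) come to roughly 59 characters. That probably exceeds the usable text width once dialog's border is subtracted, so a fingerprint would wrap mid-value and be harder to compare by eye. Widening the box, e.g. `--msgbox "\n$(get_ssh_server_key)" 12 70`, should keep each hash on one line. The case statement continues outside this hunk.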


@ -78,7 +78,7 @@ function configure_ssh {
echo "KexAlgorithms $SSH_KEX" >> /etc/ssh/sshd_config echo "KexAlgorithms $SSH_KEX" >> /etc/ssh/sshd_config
fi fi
apt-get -yq install fail2ban apt-get -yq install fail2ban vim-common
function_check configure_firewall_for_ssh function_check configure_firewall_for_ssh
configure_firewall_for_ssh configure_firewall_for_ssh
@ -153,7 +153,14 @@ function configure_firewall_for_ssh {
} }
function get_ssh_server_key { function get_ssh_server_key {
echo $(ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub | awk -F ' ' '{print $2}') if [ -f /etc/ssh/ssh_host_rsa_key.pub ]; then
echo "RSA Md5:$(ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub | awk -F ' ' '{print $2}')"
echo "RSA SHA256:$(awk '{print $2}' /etc/ssh/ssh_host_rsa_key.pub | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64)"
fi
if [ -f /etc/ssh/ssh_host_ed25519_key.pub ]; then
echo "ED25519 Md5:$(ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub | awk -F ' ' '{print $2}')"
echo "ED25519 SHA256:$(awk '{print $2}' /etc/ssh/ssh_host_ed25519_key.pub | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64)"
fi
} }
# NOTE: deliberately no exit 0 # NOTE: deliberately no exit 0
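Review bot: The hand-built SHA256 lines in get_ssh_server_key keep base64's trailing `=` padding, while OpenSSH prints its SHA256 fingerprints without it, so the value shown here will not match character for character what an ssh client displays when a user verifies the host key. Stripping the padding on both the RSA and ED25519 lines, e.g. ending the pipeline with `| xxd -r -p | base64 | tr -d '='`, makes the two directly comparable. The `Md5` label also relies on `ssh-keygen -lf` defaulting to MD5; newer OpenSSH releases default to SHA256 there, so where the installed ssh-keygen supports it, `ssh-keygen -E md5 -lf` would pin the hash the label claims. Only the RSA and ED25519 keys are listed, so a client that negotiates another host key type would have nothing to compare against.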