From 2db8da301c90026fa01e4579ddae010c68f84e0a Mon Sep 17 00:00:00 2001 From: Johannes Löthberg Date: Tue, 5 May 2015 18:30:54 +0200 Subject: add ssh_get_fprint Small ruby script that takes a public SSH key and prints the MD5 and SHA256 fingerprints --- ssh_gen_fprint | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100755 ssh_gen_fprint diff --git a/ssh_gen_fprint b/ssh_gen_fprint new file mode 100755 index 0000000..ccea1b2 --- /dev/null +++ b/ssh_gen_fprint @@ -0,0 +1,85 @@ +#!/usr/bin/env ruby + +require 'openssl' +require 'base64' + +# Parse SSH keys to be used by OpenSSL lib +# Taken from Zerg Support project. +# See: https://github.com/pwnall/zerg_support/blob/faaa5dd140c95588a1db2a25f6c9d9cacb4f9b0a/lib/zerg_support/open_ssh.rb +module OpenSSHKeyConverter + # The components in a openssh .pub / known_host RSA public key. + RSA_COMPONENTS = ['ssh-rsa', :e, :n] + # The components in a openssh .pub / known_host DSA public key. + DSA_COMPONENTS = ['ssh-dss', :p, :q, :g, :pub_key] + + # Decodes an openssh public key from the format of .pub & known_hosts files. + def self.decode_pubkey(string) + components = unpack_pubkey_components Base64.decode64(string) + case components.first + when RSA_COMPONENTS.first + ops = RSA_COMPONENTS.zip components + key = OpenSSL::PKey::RSA.new + when DSA_COMPONENTS.first + ops = DSA_COMPONENTS.zip components + key = OpenSSL::PKey::DSA.new + else + fail "Unsupported key type #{components.first}" + end + ops.each do |o| + next unless o.first.is_a? Symbol + key.send "#{o.first}=", decode_mpi(o.last) + end + key + end + + # Loads a serialized key from an IO instance (File, StringIO). + def self.load_key(io) + serialized_key = io.read + header = first_line serialized_key + if header.index 'RSA' + OpenSSL::PKey::RSA.new serialized_key + elsif header.index 'DSA' + OpenSSL::PKey::DSA.new serialized_key + else + fail 'Unknown key type' + end + end + + # Extracts the first line of a string. + def self.first_line(string) + string[0, string.index(/\r|\n/) || string.len] + end + + # Unpacks the string components in an openssh-encoded pubkey. + def self.unpack_pubkey_components(str) + cs = [] + i = 0 + while i < str.length + len = str[i, 4].unpack('N').first + cs << str[i + 4, len] + i += 4 + len + end + cs + end + + # Decodes an openssh-mpi-encoded integer. + def self.decode_mpi(mpi_str) + mpi_str.unpack('C*').inject(0) { |a, e| (a << 8) | e } + end +end + +path_to_key = ARGV[0] + +key = File.read(path_to_key).split[1] +key = OpenSSHKeyConverter.decode_pubkey(key) +key = OpenSSL::PKey::RSA.new(key) + +data_string = [7].pack('N') + 'ssh-rsa' + key.public_key.e.to_s(0) + key.public_key.n.to_s(0) + +sha_digest = OpenSSL::Digest::SHA256.digest(data_string) +sha_fingerprint = Base64.encode64(sha_digest) + +md5_fingerprint = OpenSSL::Digest::MD5.hexdigest(data_string).scan(/../).join(':') + +puts('MD5: ' + md5_fingerprint) +puts('SHA256: ' + sha_fingerprint) -- cgit v1.2.3-70-g09d2