Print table of all sshd HostKeys
#!/bin/bash
# server_ssh_fingerprints
# Extracted from: https://superuser.com/questions/929566/sha256-ssh-fingerprint-given-by-the-client-but-only-md5-fingerprint-known-for-se
#
# Version 0.3
#
# 2016 Kepi <[email protected]
# MIT License
#
# Print fingerprint matrix for all allowed Host Keys
# with all allowed ciphers and MD5 and SHA-256 algos
#
# Changelog:
#
# 2018-03-11 (0.2):
# - Support for newer versions of OpenSSH
# - Added visual keys for all algos too - only in recent OpenSSH versions
# 2018-05-27 (0.3-webash):
# - Removed superfluous table lines
# - Added cipher bit depth
# - Rearranged so that most important information is first
# - Removed 'md5:'/'sha:' from some outputs
# Location of the sshd configuration file whose HostKey directives are read.
SSHD_CONFIG='/etc/ssh/sshd_config'
# helper functions
#######################################
# Format whitespace-separated records as fixed-width table rows.
# Arguments: none
# Inputs:    stdin - one record per line; the first four fields are used
# Outputs:   stdout - the four fields left-aligned in columns of width
#            7, 48, 4 and 7, each followed by a single space
#######################################
tablize() {
  awk '{
    printf("%-7s %-48s %-4s %-7s \n", $1, $2, $3, $4)
  }'
}
# LINE=" +---------+---------+-----------------------------------------------------+"
# header
# echo "$LINE"
# echo "Cipher" "Algo" "Fingerprint" | tablize
# echo "$LINE"
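# ALGOS holds the fingerprint of the key currently being processed, indexed
# by hash name (md5 / sha256). ASCII collects the randomart rows of every
# key/hash combination side by side, indexed by output line number.
declare -A ALGOS
declare -a ASCII

# fingerprints
#
# The table is meant for comparing against the fingerprint an SSH client shows
# on first connection, so it is only useful when read over a channel that is
# already trusted. The MD5 column exists for older clients that still display
# MD5 fingerprints; prefer the SHA-256 value where the client offers it.
while read -r host_key; do
  # Key type from the conventional file name ssh_host_<type>_key.pub.
  cipher=$(printf '%s\n' "$host_key" \
    | sed -r 's/^.*ssh_host_([^_]+)_key\.pub$/\1/' \
    | tr 'a-z' 'A-Z')

  if [[ -f "$host_key" ]]; then
    # Start clean so a key whose fingerprint cannot be computed never shows
    # the previous key's value.
    ALGOS=()

    # First field of `ssh-keygen -l` is the key size in bits.
    bitdepth=$(ssh-keygen -l -f "$host_key" | awk '{print $1}')

    if ssh-keygen -E md5 -l -f "$host_key" &>/dev/null; then
      # ssh-keygen understands -E: ask it for both hashes plus randomart.
      for algo in md5 sha256; do
        n=0
        # Read line by line instead of word-splitting a command substitution:
        # randomart rows contain glob characters (*, ?, [...]) that an
        # unquoted expansion would subject to pathname expansion, and no
        # global IFS change is needed.
        while IFS= read -r line || [[ -n "$line" ]]; do
          n=$(( n + 1 ))
          if (( n == 1 )); then
            # Line 1 is "<bits> <HASH>:<fingerprint> ..."; drop the hash label.
            ALGOS[$algo]=$(printf '%s\n' "$line" \
              | awk '{sub(/(MD5:|SHA256:)/,"");print $2}')
          else
            # Remaining lines are the randomart box; append to the same row.
            ASCII[$n]="${ASCII[$n]} ${line}"
          fi
        done < <(ssh-keygen -E "$algo" -lv -f "$host_key")
      done
    else
      # ssh-keygen without -E support: this branch takes the second field of
      # plain `ssh-keygen -l` as the MD5 fingerprint.
      ALGOS[md5]=$(ssh-keygen -l -f "$host_key" | awk '{print $2}')
      # SHA-256 over the decoded key blob, re-encoded as base64. OpenSSH
      # prints SHA256 fingerprints without the trailing '=' padding, so strip
      # it to make the value directly comparable with client output.
      ALGOS[sha256]=$(awk '{print $2}' "$host_key" \
        | base64 -d \
        | sha256sum -b \
        | awk '{print $1}' \
        | xxd -r -p \
        | base64 \
        | tr -d '=')
    fi

    echo "$cipher" "${ALGOS[md5]}" "$bitdepth" MD5 | tablize
    echo "$cipher" "${ALGOS[sha256]}" "$bitdepth" SHA-256 | tablize
    #echo "$LINE"
  fi
# Select only real HostKey directives: the keyword is compared exactly and
# case-insensitively, so commented-out lines and HostKeyAlgorithms /
# HostKeyAgent are skipped, and leading or trailing whitespace is tolerated.
# NOTE(review): only directives written in this one file are seen; keys that
# sshd uses by default or picks up elsewhere are not listed. `sshd -T` prints
# the effective configuration if that matters.
done < <(awk 'tolower($1) == "hostkey" {
  sub(/^[[:space:]]*[^[:space:]]+[[:space:]]+/, "")
  sub(/[[:space:]]+$/, "")
  print $0 ".pub"
}' "$SSHD_CONFIG")

# Randomart boxes, one text row per line, all keys side by side.
echo
for line in "${ASCII[@]}"; do
  echo "$line"
done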