Skip to content

Instantly share code, notes, and snippets.

@whitehat101

whitehat101/collect_host_keys.bash

Last active December 3, 2016 06:16
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save whitehat101/e4d61e1958dec81f1de078103c3f6b14 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save whitehat101/e4d61e1958dec81f1de078103c3f6b14 to your computer and use it in GitHub Desktop.
Download ZIP
Collect all of a SSH server's host keys
Raw
collect_host_keys.bash
#!/bin/bash
#
# !!! This function will attempt DOZENS of ssh connections !!!
# try not to scare your sysadmins
#
function collect_host_keys {
ukhf=$(mktemp)
keys=""
for alg in $(ssh -Q key); do
>$ukhf # truncate
# ignore system config
ssh -F /dev/null \
-o "StrictHostKeyChecking=no" \
-o "HostKeyAlgorithms=$alg" \
-o "UserKnownHostsFile=$ukhf" \
-o "HashKnownHosts=no" \
-o "PreferredAuthentications=none" \
$1 "exit" >&2
read key < $ukhf
if [ ! -z "$key" ]; then
keys+="$key\n"
fi
done
rm $ukhf
echo -ne $keys
}
Raw
example-collect_host_keys.md

ssh logs to /dev/random, keys to host_keys

$ collect_host_keys git@github.com 2>/dev/random >host_keys

$ cat host_keys
github.com,192.30.253.113 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
github.com,192.30.253.113 ssh-dss AAAAB3NzaC1kc3MAAACBANGFW2P9xlGU3zWrymJgI/lKo//ZW2WfVtmbsUZJ5uyKArtlQOT2+WRhcg4979aFxgKdcsqAYW3/LS1T2km3jYW/vr4Uzn+dXWODVk5VlUiZ1HFOHf6s6ITcZvjvdbp6ZbpM+DuJT7Bw+h5Fx8Qt8I16oCZYmAPJRtu46o9C2zk1AAAAFQC4gdFGcSbp5Gr0Wd5Ay/jtcldMewAAAIATTgn4sY4Nem/FQE+XJlyUQptPWMem5fwOcWtSXiTKaaN0lkk2p2snz+EJvAGXGq9dTSWHyLJSM2W6ZdQDqWJ1k+cL8CARAqL+UMwF84CR0m3hj+wtVGD/J4G5kW2DBAf4/bqzP4469lT+dF2FRQ2L9JKXrCWcnhMtJUvua8dvnwAAAIB6C4nQfAA7x8oLta6tT+oCk2WQcydNsyugE8vLrHlogoWEicla6cWPk7oXSspbzUcfkjN3Qa6e74PhRkc7JdSdAlFzU3m7LMkXo1MHgkqNX8glxWNVqBSc0YRdbFdTkL0C6gtpklilhvuHQCdbgB3LBAikcRkDp+FCVkUgPC/7Rw==

all to console

$ collect_host_keys git@github.com
ssh_dispatch_run_fatal: Connection to 192.30.253.113: no matching host key type found
ssh_dispatch_run_fatal: Connection to 192.30.253.112: no matching host key type found
Warning: Permanently added 'github.com,192.30.253.113' (RSA) to the list of known hosts.
Permission denied (publickey).
Warning: Permanently added 'github.com,192.30.253.113' (DSA) to the list of known hosts.
Permission denied (publickey).
ssh_dispatch_run_fatal: Connection to 192.30.253.113: no matching host key type found
ssh_dispatch_run_fatal: Connection to 192.30.253.113: no matching host key type found
ssh_dispatch_run_fatal: Connection to 192.30.253.113: no matching host key type found
ssh_dispatch_run_fatal: Connection to 192.30.253.113: no matching host key type found
ssh_dispatch_run_fatal: Connection to 192.30.253.113: no matching host key type found
ssh_dispatch_run_fatal: Connection to 192.30.253.113: no matching host key type found
ssh_dispatch_run_fatal: Connection to 192.30.253.113: no matching host key type found
ssh_dispatch_run_fatal: Connection to 192.30.253.113: no matching host key type found
ssh_dispatch_run_fatal: Connection to 192.30.253.113: no matching host key type found
ssh_dispatch_run_fatal: Connection to 192.30.253.113: no matching host key type found
github.com,192.30.253.113 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
github.com,192.30.253.113 ssh-dss AAAAB3NzaC1kc3MAAACBANGFW2P9xlGU3zWrymJgI/lKo//ZW2WfVtmbsUZJ5uyKArtlQOT2+WRhcg4979aFxgKdcsqAYW3/LS1T2km3jYW/vr4Uzn+dXWODVk5VlUiZ1HFOHf6s6ITcZvjvdbp6ZbpM+DuJT7Bw+h5Fx8Qt8I16oCZYmAPJRtu46o9C2zk1AAAAFQC4gdFGcSbp5Gr0Wd5Ay/jtcldMewAAAIATTgn4sY4Nem/FQE+XJlyUQptPWMem5fwOcWtSXiTKaaN0lkk2p2snz+EJvAGXGq9dTSWHyLJSM2W6ZdQDqWJ1k+cL8CARAqL+UMwF84CR0m3hj+wtVGD/J4G5kW2DBAf4/bqzP4469lT+dF2FRQ2L9JKXrCWcnhMtJUvua8dvnwAAAIB6C4nQfAA7x8oLta6tT+oCk2WQcydNsyugE8vLrHlogoWEicla6cWPk7oXSspbzUcfkjN3Qa6e74PhRkc7JdSdAlFzU3m7LMkXo1MHgkqNX8glxWNVqBSc0YRdbFdTkL0C6gtpklilhvuHQCdbgB3LBAikcRkDp+FCVkUgPC/7Rw==

example sshd logs (LogLevel VERBOSE)

sshd[13255]: Set /proc/self/oom_score_adj to 0
sshd[13255]: Connection from 172.28.128.1 port 62450 on 172.28.128.4 port 22
sshd[13255]: Connection closed by 172.28.128.1 [preauth]
sshd[13257]: Set /proc/self/oom_score_adj to 0
sshd[13257]: Connection from 172.28.128.1 port 62451 on 172.28.128.4 port 22
sshd[13257]: fatal: no hostkey alg [preauth]
sshd[13259]: Set /proc/self/oom_score_adj to 0
sshd[13259]: Connection from 172.28.128.1 port 62452 on 172.28.128.4 port 22
sshd[13259]: Connection closed by 172.28.128.1 [preauth]
sshd[13261]: Set /proc/self/oom_score_adj to 0
sshd[13261]: Connection from 172.28.128.1 port 62453 on 172.28.128.4 port 22
sshd[13261]: Connection closed by 172.28.128.1 [preauth]
sshd[13263]: Set /proc/self/oom_score_adj to 0
sshd[13263]: Connection from 172.28.128.1 port 62454 on 172.28.128.4 port 22
sshd[13263]: Connection closed by 172.28.128.1 [preauth]
sshd[13265]: Set /proc/self/oom_score_adj to 0
sshd[13265]: Connection from 172.28.128.1 port 62455 on 172.28.128.4 port 22
sshd[13265]: fatal: no hostkey alg [preauth]
sshd[13267]: Set /proc/self/oom_score_adj to 0
sshd[13267]: Connection from 172.28.128.1 port 62456 on 172.28.128.4 port 22
sshd[13267]: fatal: no hostkey alg [preauth]
sshd[13269]: Set /proc/self/oom_score_adj to 0
sshd[13269]: Connection from 172.28.128.1 port 62457 on 172.28.128.4 port 22
sshd[13269]: fatal: no hostkey alg [preauth]
sshd[13271]: Set /proc/self/oom_score_adj to 0
sshd[13271]: Connection from 172.28.128.1 port 62458 on 172.28.128.4 port 22
sshd[13271]: fatal: no hostkey alg [preauth]
sshd[13273]: Set /proc/self/oom_score_adj to 0
sshd[13273]: Connection from 172.28.128.1 port 62459 on 172.28.128.4 port 22
sshd[13273]: fatal: no hostkey alg [preauth]
sshd[13275]: Set /proc/self/oom_score_adj to 0
sshd[13275]: Connection from 172.28.128.1 port 62460 on 172.28.128.4 port 22
sshd[13275]: fatal: no hostkey alg [preauth]
sshd[13277]: Set /proc/self/oom_score_adj to 0
sshd[13277]: Connection from 172.28.128.1 port 62461 on 172.28.128.4 port 22
sshd[13277]: fatal: no hostkey alg [preauth]
sshd[13279]: Set /proc/self/oom_score_adj to 0
sshd[13279]: Connection from 172.28.128.1 port 62462 on 172.28.128.4 port 22
sshd[13279]: fatal: no hostkey alg [preauth]
sshd[13281]: Set /proc/self/oom_score_adj to 0
sshd[13281]: Connection from 172.28.128.1 port 62463 on 172.28.128.4 port 22
Raw
example-nmap.md 
$ nmap github.com -p 22 --script ssh-hostkey --script-args ssh_hostkey=all

Starting Nmap 7.31 ( https://nmap.org ) at 2016-12-02 21:53 PST
Nmap scan report for github.com (192.30.253.112)
Host is up (0.090s latency).
Other addresses for github.com (not scanned): 192.30.253.113
PORT   STATE SERVICE
22/tcp open  ssh
| ssh-hostkey:
|   1024 ad:1c:08:a4:40:e3:6f:9c:f5:66:26:5d:4b:33:5d:8c (DSA)
| 1024 xitan-cuhef-vilem-ryvyt-hesil-sihev-bedis-mukyb-hetal-cidug-nuxex (DSA)
|
| +--[ DSA 1024]----+
| |oo  .       o.   |
| |...o      .E..   |
| | .. ..   = .     |
| |  o o.o.o.+      |
| |   = ..*S..      |
| |  .   =. o       |
| |        o        |
| |                 |
| |                 |
| +-----------------+
|
| ssh-dss AAAAB3NzaC1kc3MAAACBANGFW2P9xlGU3zWrymJgI/lKo//ZW2WfVtmbsUZJ5uyKArtlQOT2+WRhcg4979aFxgKdcsqAYW3/LS1T2km3jYW/vr4Uzn+dXWODVk5VlUiZ1HFOHf6s6ITcZvjvdbp6ZbpM+DuJT7Bw+h5Fx8Qt8I16oCZYmAPJRtu46o9C2zk1AAAAFQC4gdFGcSbp5Gr0Wd5Ay/jtcldMewAAAIATTgn4sY4Nem/FQE+XJlyUQptPWMem5fwOcWtSXiTKaaN0lkk2p2snz+EJvAGXGq9dTSWHyLJSM2W6ZdQDqWJ1k+cL8CARAqL+UMwF84CR0m3hj+wtVGD/J4G5kW2DBAf4/bqzP4469lT+dF2FRQ2L9JKXrCWcnhMtJUvua8dvnwAAAIB6C4nQfAA7x8oLta6tT+oCk2WQcydNsyugE8vLrHlogoWEicla6cWPk7oXSspbzUcfkjN3Qa6e74PhRkc7JdSdAlFzU3m7LMkXo1MHgkqNX8glxWNVqBSc0YRdbFdTkL0C6gtpklilhvuHQCdbgB3LBAikcRkDp+FCVkUgPC/7Rw==
|   2048 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48 (RSA)
| 2048 xozok-ruped-hogyn-lizoh-cakig-likor-vevom-mepit-hedan-darul-fexox (RSA)
|
| +--[ RSA 2048]----+
| |        .        |
| |       + .       |
| |      . B .      |
| |     o * +       |
| |    X * S        |
| |   + O o . .     |
| |    .   E . o    |
| |       . . o     |
| |        . .      |
| +-----------------+
|
|_ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

Nmap done: 1 IP address (1 host up) scanned in 2.68 seconds
Raw
ssh.md

Also ssh-keyscan can be used.

see http://unix.stackexchange.com/a/268692/48050

$ ssh-keyscan github.com
# github.com:22 SSH-2.0-libssh-0.7.0
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
# github.com:22 SSH-2.0-libssh-0.7.0
# github.com:22 SSH-2.0-libssh-0.7.0

$ ssh-keyscan -t rsa,dsa github.com
# github.com:22 SSH-2.0-libssh-0.7.0
github.com ssh-dss AAAAB3NzaC1kc3MAAACBANGFW2P9xlGU3zWrymJgI/lKo//ZW2WfVtmbsUZJ5uyKArtlQOT2+WRhcg4979aFxgKdcsqAYW3/LS1T2km3jYW/vr4Uzn+dXWODVk5VlUiZ1HFOHf6s6ITcZvjvdbp6ZbpM+DuJT7Bw+h5Fx8Qt8I16oCZYmAPJRtu46o9C2zk1AAAAFQC4gdFGcSbp5Gr0Wd5Ay/jtcldMewAAAIATTgn4sY4Nem/FQE+XJlyUQptPWMem5fwOcWtSXiTKaaN0lkk2p2snz+EJvAGXGq9dTSWHyLJSM2W6ZdQDqWJ1k+cL8CARAqL+UMwF84CR0m3hj+wtVGD/J4G5kW2DBAf4/bqzP4469lT+dF2FRQ2L9JKXrCWcnhMtJUvua8dvnwAAAIB6C4nQfAA7x8oLta6tT+oCk2WQcydNsyugE8vLrHlogoWEicla6cWPk7oXSspbzUcfkjN3Qa6e74PhRkc7JdSdAlFzU3m7LMkXo1MHgkqNX8glxWNVqBSc0YRdbFdTkL0C6gtpklilhvuHQCdbgB3LBAikcRkDp+FCVkUgPC/7Rw==
# github.com:22 SSH-2.0-libssh-0.7.0
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment