Mailing List Archive

Way to print fingerprint of a key in your known_hosts file?
Hello there,

The subject line says it all, really. How can I take a line from my
known-hosts file, and print the fingerprint of the thing?

Right now, I can extract it from my known-hosts file with ssh-keygen -F
and redirect that to a temporary file, and then run ssh-keygen -l, over
it, or ssh-keygen -l -v, or ssh-keygen -B...

I note that -l will not print a fingerprint if -B is on the same line. -B
seems to override -l (regardless of which comes first).

I also note that -v prints the ascii art representation when used with -B
alone, though the manpage makes no reference to this intercompatibility.

Regardless, doing it in one sweep (extracting and fingerprinting) still
requires that intermediate step. ssh-keygen doesn't seem to accept the
standard -f - (stdin) argument, nor can I say -f /dev/stdin

So I suppose there are a few questions.

1) Does anyone have a better way to do this?

2) Is it worth filing feature requests to modify -f to accept stdin?

3) Is it worth filing a feature request to make -l and -B usable in the
same command?

4) Or in fact for those commands to work with -F, meaning "find any key
matching foo in my known_hosts and print the fingerprint in this format".

-Dan Mahoney

--

"There is no right and wrong, there is only fun and boring."

-Fisher Stevens, "Hackers"

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
Re: Way to print fingerprint of a key in your known_hosts file?
On Tue, 22 Jun 2010, Dan Mahoney, System Admin wrote:

> Hello there,
>
> The subject line says it all, really. How can I take a line from my
> known-hosts file, and print the fingerprint of the thing?
>
> Right now, I can extract it from my known-hosts file with ssh-keygen -F and
> redirect that to a temporary file, and then run ssh-keygen -l, over it, or
> ssh-keygen -l -v, or ssh-keygen -B...
>
> I note that -l will not print a fingerprint if -B is on the same line. -B
> seems to override -l (regardless of which comes first).
>
> I also note that -v prints the ascii art representation when used with -B
> alone, though the manpage makes no reference to this intercompatibility.
>
> Regardless, doing it in one sweep (extracting and fingerprinting) still
> requires that intermediate step. ssh-keygen doesn't seem to accept the
> standard -f - (stdin) argument, nor can I say -f /dev/stdin
>
> So I suppose there are a few questions.
>
> 1) Does anyone have a better way to do this?
>
> 2) Is it worth filing feature requests to modify -f to accept stdin?
>
> 3) Is it worth filing a feature request to make -l and -B usable in the same
> command?
>
> 4) Or in fact for those commands to work with -F, meaning "find any key
> matching foo in my known_hosts and print the fingerprint in this format".

To follow up, it looks like -F works with -l, or -B, and in either case, -v
causes the ascii-art to be shown as well, but -l and -B being mutually
exclusive seems like a bug.

Also, the manpage usage syntax is off:

Instead of:

ssh-keygen -l [-f input_keyfile]
ssh-keygen -B [-f input_keyfile]
ssh-keygen -F hostname [-f known_hosts_file]

It should might say:

ssh-keygen -l [-v] [-f input_keyfile]
ssh-keygen -B [-v] [-f input_keyfile]
ssh-keygen -F [[-B |-l ] -v] hostname [-f known_hosts_file]

And the usage statements for the l, B, and F options should note that
these are chainable.

Should I open bug reports?

-Dan

--

"I wish the Real World would just stop hassling me!"

-Matchbox 20, Real World, off the album "Yourself or Someone Like You"


--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
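
Added example (not part of the original posts, and not OpenSSH code): a small filter that fingerprints known_hosts lines read from standard input, so the output of ssh-keygen -F can be piped into it without a temporary file. It assumes protocol 2 lines (hosts, key type, base64 key) and Python 3.9 or later; the sample key and host names are constructed.

```python
import base64
import hashlib
import struct
import sys

def parse_line(line):
    """Split one protocol-2 known_hosts line; None for blank/comment lines."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    marker = fields.pop(0) if fields[0].startswith("@") else None  # @cert-authority, @revoked
    if len(fields) < 3:
        raise ValueError("expected: hosts keytype base64-key [comment]")
    hosts, keytype = fields[0], fields[1]
    blob = base64.b64decode(fields[2], validate=True)
    # The blob begins with a length-prefixed copy of the key type; check it matches.
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type does not match key blob")
    return marker, hosts, keytype, blob

def fingerprints(blob):
    """Return (MD5 colon-hex, SHA256 unpadded base64) of the raw key blob."""
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, len(md5), 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def fingerprint_lines(lines):
    """Fingerprint every key line in an iterable such as sys.stdin."""
    out = []
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            marker, hosts, keytype, blob = parsed
            out.append((hosts, keytype, marker) + fingerprints(blob))
    return out

# Constructed sample: a made-up 32-byte "ed25519" key, not a real host key.
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE = [
    "# Host build.example.org found: line 3\n",  # comment line as printed by ssh-keygen -F
    "|1|c2FsdHNhbHQ=|aGFzaGhhc2g= ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + "\n",
]

if __name__ == "__main__":
    src = SAMPLE if sys.stdin.isatty() else sys.stdin
    for hosts, keytype, marker, md5, sha in fingerprint_lines(src):
        print(hosts, keytype, marker or "-", md5, sha)
```

The MD5 colon-hex form is what ssh-keygen -l printed at the time of this thread; the SHA256 form is the default in later OpenSSH releases. OpenSSH 7.2 and later also accept ssh-keygen -lf - to fingerprint keys read from standard input.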