kb:sshfp.sh [2012/06/24 23:25]
pasky
kb:sshfp.sh [2014/09/17 11:39] (current)
ruza aix platform support
Line 1: Line 1:
 +===== SSHFP (fingerprint) DNS record generator =====
  
 +<code bash sshfp.sh>​
 +#!/bin/bash
 +# ruza <​ruza@ruza.eu>​
 +# May 2012
 +# generates sshfp for Bind
 +
 +PLATFORM="​$(/​bin/​uname)"​
 +
 +case ${PLATFORM} in
 +  AIX)
 +        FQDN="​$(hostname)" ​                                                                                                    
 +        DOMAIN="​$(namerslv -s | grep domain | awk '{ print $2 }'​)"​
 +        FQDN="​${FQDN}.${DOMAIN}"​
 +        ;;
 +  Linux)
 +        FQDN="​$(hostname -f)"
 +        ;;
 +esac
 + 
 +# https://​tools.ietf.org/​html/​rfc4255 ​ (SSHFP)
 +# https://​tools.ietf.org/​html/​draft-os-ietf-sshfp-ecdsa-sha2-07
 + 
 +cipher[1]='​rsa'​
 +cipher[2]='​dsa'​
 +cipher[3]='​ecdsa'​
 + 
 +hashalg[1]='​sha1'​
 +hashalg[2]='​sha256'​
 +
 +cd /etc/ssh/
 + 
 +for (( i_hash = 1 ; i_hash <= ${#​hashalg[@]} ; i_hash++ ));do
 +  for (( i_ciph = 1 ; i_ciph <= ${#​cipher[@]} ; i_ciph++ ));do
 + 
 +    # no sshd host key of this type, skip it
 +    test -f ssh_host_${cipher[$i_ciph]}_key.pub || continue
 + 
 +    # dns comment line
 +    echo "; ${cipher[$i_ciph]} key hashed by ${hashalg[$i_hash]}"​
 +    # generates hash
 +    HASH="​$(awk '​{print $2}' ssh_host_${cipher[$i_ciph]}_key.pub | openssl base64 -d -A | openssl ${hashalg[$i_hash]}|awk '​{print $2}'​)"​
 +    # sshfp line format
 +    echo "​${FQDN}. ​     IN      SSHFP ${i_ciph} ${i_hash} ${HASH}"​
 +  done
 +done  ​
 +
 +cd - 1>/​dev/​null
 +</​code>​
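Review bot: The `case ${PLATFORM}` block has no `*)` branch and `HASH` is never checked before the final `echo`, so the script can print malformed SSHFP records: on any platform other than AIX or Linux `FQDN` stays empty and the owner name becomes a bare `.`, and if the `openssl` pipeline fails, or prints the digest without a `(stdin)= ` style prefix (which some OpenSSL builds may do), `awk '{print $2}'` yields an empty fingerprint. A client with `VerifyHostKeyDNS` enabled compares host keys against these records, so the script should refuse to emit a line rather than print a wrong one: add `*) echo "unsupported platform: ${PLATFORM}" >&2; exit 1 ;;` to the `case` and `[ -n "${HASH}" ] || continue` ahead of the record `echo`. The `cipher` table also ends at `ecdsa`, so an `ssh_host_ed25519_key.pub` (SSHFP algorithm 4, RFC 7479) is never published. Where the installed OpenSSH supports it, `ssh-keygen -r "${FQDN}"` emits the same records and avoids the hand-rolled pipeline.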
 