Help:SSH Fingerprints
- SSH Fingerprints/bast1001.wikimedia.org
- SSH Fingerprints/bast2001.wikimedia.org
- SSH Fingerprints/bast4001.wikimedia.org
- SSH Fingerprints/bastion-restricted.wmflabs.org
- SSH Fingerprints/bastion.wmflabs.org
- SSH Fingerprints/gerrit.wikimedia.org:29418
- SSH Fingerprints/git-ssh.wikimedia.org
- SSH Fingerprints/hooft.esams.wikimedia.org
- SSH Fingerprints/rhenium.wikimedia.org
- SSH Fingerprints/stat1002.eqiad.wmnet
- SSH Fingerprints/stat1003.eqiad.wmnet
- SSH Fingerprints/tools-dev.wmflabs.org
- SSH Fingerprints/tools-login.wmflabs.org
To find this information, locally you can just run this:
for file in /etc/ssh/*_key.pub; do ssh-keygen -lf $file; done
Remotely (and to format it for these pages), something like this should work:
#!/usr/bin/python3
import sys
if len(sys.argv) == 0:
print('Must specify hostname')
sys.exit(0)
hostname = sys.argv[1]
port = 22
if len(sys.argv) > 2:
port = sys.argv[2]
import collections, subprocess, tempfile
with tempfile.NamedTemporaryFile() as tf:
keyscanCommand = 'ssh-keyscan', '-t', 'rsa,ecdsa,ed25519', '-p', str(port), hostname
subprocess.call(keyscanCommand, stdout = tf.file, stderr = open('/dev/null'))
fingerprints = collections.defaultdict(list)
for fingerprintHash in ['md5', 'sha256']:
keygenCommand = ['ssh-keygen', '-l', '-E', fingerprintHash, '-f', tf.name]
keygenProcess = subprocess.Popen(keygenCommand, stdout = subprocess.PIPE)
stdout, stderr = keygenProcess.communicate()
for line in stdout.decode('ascii').splitlines():
bitlen, fingerprint, hostname, type = line.split(' ')
fingerprints[type[1:-1]].append(fingerprint)
for type, keys in fingerprints.items():
print(';' + type + ':')
for key in keys:
print('* <code>' + key + '</code>')
print()
Assuming you have OpenSSH 6.8+ (Ubuntu 15.10 provides 6.9). If you don't, you'll need to get rid of the 'sha256' list entry and remove the "'-E', fingerprintHash, ".