Qiita Teams that are logged in
You are not logged in to any team

Log in to Qiita Team
Community
OrganizationAdvent CalendarQiitadon (β)
Service
Qiita JobsQiita ZineQiita Blog
Help us understand the problem. What is going on with this article?

ssh鍵の鍵指紋を表示

More than 5 years have passed since last update.

ssh-keygen -l -f 鍵ファイル で可能.鍵は公開鍵秘密鍵どちらでもOK(もちろん同じ鍵ペアだと同じ結果が帰って来る).

$ ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
1024 29:3f:e1:d7:12:9e:9b:47:07:77:6e:3d:98:87:ba:63 /etc/ssh/ssh_host_dsa_key.pub (DSA)
$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
2048 31:3a:2d:90:c5:21:ef:bd:a9:d9:a3:f9:00:48:e0:fc /etc/ssh/ssh_host_rsa_key.pub (RSA)
$ ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub
256 1a:b9:16:84:a7:86:0f:b3:e3:e8:42:3f:bc:55:c3:20 /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
$ ssh-keygen -l -f ~/.ssh/id_dsa.pub
1024 ac:19:5e:fb:62:22:0a:af:67:29:d0:f1:75:fa:94:59 /home/mk/.ssh/id_dsa.pub (DSA)
$ ssh-keygen -l -f ~/.ssh/id_rsa.pub
2048 68:91:c3:a0:58:22:d8:13:7a:07:06:9f:a7:b8:ec:01 /home/mk/.ssh/id_rsa.pub (RSA)
$ ssh-keygen -l -f ~/.ssh/id_ecdsa.pub
256 0b:fb:21:45:d6:a0:7d:57:02:24:9b:d3:ed:c7:c6:23 /home/mk/.ssh/id_ecdsa.pub (ECDSA)

ssh-agent に登録しているものは以下のコマンドで確認可能

$ ssh-add -l
2048 b3:83:65:00:3b:54:20:15:57:ec:6b:d7:f8:78:8c:9f mk@x210s (RSA)
 :

Hash Visualization の表示には v option を付与する.

% ssh-keygen -vlf id_ed25519.pub
256 c8:de:fd:ad:b6:64:9b:bd:14:8a:09:60:b7:f0:bf:fb  mk@x220 (ED25519)
+--[ED25519  256--+
|                 |
|                 |
|      + .        |
|     o * .       |
|      o S     .  |
|     . . + o . . |
|      . . = + .  |
|           =.*   |
|          o+Eo+. |
+-----------------+

追記)
OpenSSH 6.8/6.8p1 から規定値の鍵指紋アルゴリズムと表示形式が変わった.
- 旧 : MD5/hex
- 新 : SHA256/base64
そして-Eオプションでアルゴリズムが指定できるようになった
※ssh-keygen --help より

   ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]

※man より

 -E fingerprint_hash
         Specifies the hash algorithm used when displaying key fingerprints.  Valid options are: “md5” and “sha256”.  The default is “sha256”.

OpenSSH 6.8p1 で実行.SHA256/base64 で表示される.頭の方にアルゴリズムが付くように.visual の方もアルゴリズムが入るように.

% ~/usr/local/openssh-6.8p1/bin/ssh-keygen -l -v -f /etc/ssh/ssh_host_ecdsa_key
256 SHA256:pDZReijOXeDXAE0IgYb5E+DHgbyvClEllKCs499RI54 root@x220(ECDSA)
+---[ECDSA 256]---+
|+*+++oo=+        |
|*o*o...=.o       |
|.=o+. = = .      |
|.o+o o B         |
|+ ..o.=oS        |
|.o ...+..        |
|...  E           |
|... . .          |
|o  . .           |
+----[SHA256]-----+

-E オプションを使いMD5/hexで表示

% ~/usr/local/openssh-6.8p1/bin/ssh-keygen -l -v -E md5 -f /etc/ssh/ssh_host_ecdsa_key
256 MD5:e8:d0:53:e7:34:59:e9:77:3a:e7:8d:8a:a9:f6:91:84 root@x220(ECDSA)
+---[ECDSA 256]---+
|            ..   |
|           o.    |
|        . =.     |
|     . o = .. . .|
|    . + E o  . o |
|     o . . .  o .|
|      .   o    =.|
|        .  +  . o|
|       ..o+ ..   |
+------[MD5]------+

OpenSSH 6.8/6.8p1 以前が廃れるまで併記したほうが良いのかもしれない.

追記2)
OpenSSH 7.2ssh-keygenに標準入力と複数の鍵の格納されたファイルが扱える機能が入る予定.リリースされたら再度確認してblogに書く予定.

matoken
Google+ に居ます https://plus.google.com/u/0/103792214056489833385/posts
https://matoken.org
Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away