% cat ext_rsa.pub| sed -r 's/.*(AAAA[^ ]+).*/\1/' | sha256sum

 ~/.ssh swlap1
d4bf8b06f2d9d9af7a11583a5367205ed310a84f0dee68d062e2ddca1e85c3ff -
% ssh-keygen -lf ext_rsa.pub

 ~/.ssh swlap1
8192 SHA256:FgrfxmdjTM/j4wwRa7nVdPSUaJdqHYMJtJ6aciPl9ug swilson at swlap1 (RSA)

Why do those differ and how would I generate the equivalent (mainly
just curious)? I've also tried base64 and a few other substitutions at
the end and I can't get them to match (probably would save time to
just look at the code, but...).

On 30/06, shawn wilson wrote:
>% cat ext_rsa.pub| sed -r 's/.*(AAAA[^ ]+).*/\1/' | sha256sum
>
> ~/.ssh swlap1
>d4bf8b06f2d9d9af7a11583a5367205ed310a84f0dee68d062e2ddca1e85c3ff -
>% ssh-keygen -lf ext_rsa.pub
>
> ~/.ssh swlap1
>8192 SHA256:FgrfxmdjTM/j4wwRa7nVdPSUaJdqHYMJtJ6aciPl9ug swilson at swlap1 (RSA)
>
>Why do those differ and how would I generate the equivalent (mainly
>just curious)? I've also tried base64 and a few other substitutions at
>the end and I can't get them to match (probably would save time to
>just look at the code, but...).

It's not simply a checksum of the key file. You need to extract the
exponent and prime from the public key, then append those to a
specific string of bits, then get a SHA256 digest of that, and then
base64 encode that.

https://github.com/kyrias/bin/blob/master/ssh-gen-fprint has an
example implementation of `ssh-keygen -lf` in Ruby.

--
Sincerely,
  Johannes Löthberg
  PGP Key ID: 0x50FB9B273A9D0BB5
  https://theos.kyriasis.com/~kyrias/

On 30/06, Johannes Löthberg wrote:
>On 30/06, shawn wilson wrote:
>>% cat ext_rsa.pub| sed -r 's/.*(AAAA[^ ]+).*/\1/' | sha256sum
>>
>> ~/.ssh swlap1
>>d4bf8b06f2d9d9af7a11583a5367205ed310a84f0dee68d062e2ddca1e85c3ff -
>>% ssh-keygen -lf ext_rsa.pub
>>
>> ~/.ssh swlap1
>>8192 SHA256:FgrfxmdjTM/j4wwRa7nVdPSUaJdqHYMJtJ6aciPl9ug swilson at swlap1 (RSA)
>>
>>Why do those differ and how would I generate the equivalent (mainly
>>just curious)? I've also tried base64 and a few other substitutions at
>>the end and I can't get them to match (probably would save time to
>>just look at the code, but...).
>
>It's not simply a checksum of the key file. You need to extract the
>exponent and prime from the public key, then append those to a
>specific string of bits, then get a SHA256 digest of that, and then
>base64 encode that.
>
>https://github.com/kyrias/bin/blob/master/ssh-gen-fprint has an
>example implementation of `ssh-keygen -lf` in Ruby.
>

Oh, and support for ECC keys isn't implemented because OpenSSL doesn't
support it yet. :/

--
Sincerely,
  Johannes Löthberg
  PGP Key ID: 0x50FB9B273A9D0BB5
  https://theos.kyriasis.com/~kyrias/

On Tue, 30 Jun 2015, shawn wilson wrote:
> % cat ext_rsa.pub| sed -r 's/.*(AAAA[^ ]+).*/\1/' | sha256sum
>
> ~/.ssh swlap1
> d4bf8b06f2d9d9af7a11583a5367205ed310a84f0dee68d062e2ddca1e85c3ff -
> % ssh-keygen -lf ext_rsa.pub
>
> ~/.ssh swlap1
> 8192 SHA256:FgrfxmdjTM/j4wwRa7nVdPSUaJdqHYMJtJ6aciPl9ug swilson at swlap1 (RSA)
>
> Why do those differ and how would I generate the equivalent (mainly
> just curious)? I've also tried base64 and a few other substitutions at
> the end and I can't get them to match (probably would save time to
> just look at the code, but...).

It's a hash over the decoded contents of the second field of the public
key line. In python:

import base64
import hashlib

# Read the public key line: "<type> <base64 key blob> <comment>"
with open("/tmp/r.pub") as f:
    keytext = f.read()
keydata = keytext.split()[1]          # second field: base64 key blob
decoded = base64.b64decode(keydata)   # raw key blob bytes
rawhash = hashlib.sha256(decoded).digest()
texthash = base64.b64encode(rawhash)
# ssh-keygen prints the same value without the trailing "=" padding
print(texthash.decode())
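
The key blob discussed in the replies above, parsed field by field, as an added example that is not part of the original thread: the base64 field decodes to length-prefixed fields (for RSA: key type, exponent, modulus), and the fingerprint is SHA-256 over those raw bytes, base64-encoded with the padding dropped. The key is constructed in the code (not a real key), and the function names `parse_blob`, `text_digest` and `describe` are chosen here for illustration.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    # RFC 4251 "string": 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def mpint(value: int) -> bytes:
    # RFC 4251 "mpint" for a positive integer: big-endian, with a leading
    # zero byte whenever the top bit would otherwise be set
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def parse_blob(blob: bytes) -> list:
    # Split a decoded key blob into its length-prefixed fields
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + size > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields

def text_digest(pub_line: str) -> str:
    # What `sed ... | sha256sum` hashes: the base64 *text* plus a newline
    return hashlib.sha256((pub_line.split()[1] + "\n").encode()).hexdigest()

def describe(pub_line: str) -> dict:
    keytype, b64 = pub_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    fields = parse_blob(blob)
    if fields[0] != keytype.encode():
        raise ValueError("key type in line and in blob disagree")
    digest = hashlib.sha256(blob).digest()  # hash of the decoded bytes
    info = {"type": keytype,
            "sha256": "SHA256:" + base64.b64encode(digest).decode().rstrip("=")}
    if keytype == "ssh-rsa":  # fields: type, public exponent e, modulus n
        info["e"] = int.from_bytes(fields[1], "big")
        info["bits"] = int.from_bytes(fields[2], "big").bit_length()
    return info

# Constructed sample: a 512-bit odd number stands in for a modulus (not a real key)
N = (1 << 511) | 0x10001
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(
    ssh_string(b"ssh-rsa") + mpint(65537) + mpint(N)).decode() + " constructed@example"

if __name__ == "__main__":
    print(describe(SAMPLE_LINE), text_digest(SAMPLE_LINE))
```

The `bits` value corresponds to the leading number in `ssh-keygen -lf` output, and `text_digest` reproduces the mismatching hex digest from the first message because it hashes the base64 text rather than the decoded bytes.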