help verifying host key
- Inicie sesión ou rexístrese para enviar comentarios
In a prior post
https://trisquel.info/en/forum/major-security-compromise
the command
cat /etc/ssh/ssh_host_ecdsa_key.pub | awk '{ print $2 }' | base64 -d | sha256sum | awk '{ print $1 }' | xxd -r -p | base64
no longer works for me,
could someone test it and confirm what I am seeing?
I am ignorant as to what you are trying to do and probably can't be much help but at least I ran the command for you. Is this what you got?
$ cat /etc/ssh/ssh_host_ecdsa_key.pub | awk '{ print $2 }' | base64 -d | sha256sum | awk '{ print $1 }' | xxd -r -p | base64
cat: /etc/ssh/ssh_host_ecdsa_key.pub: No such file or directory
47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
I think 'cat' says, that what I am looking for is not there: "No such file or directory" and sha256sum agrees: "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" about which https://www.rfc-editor.org/errata/rfc487 says "The sha1 value (in base64) for an empty body (canonicalized to a null input) is "2jmj7l5rSw0yVb/vlWAYkK/YBwk=".
'The sha256 value is "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=".
I found "https://www.ibm.com/docs/en/zos/2.3.0?topic=susd-steps-setting-up-server-authentication-when-keys-are-stored-in-unix-files" to create what I am looking for if I need it. But I am not using sshd. Hopefully you can get an educated response from someone so I can learn something :)
I am using Nabia and have the Trisquel_11 testing iso downloaded. Looking at the earlier post you mentioned:
$ sha256sum -c trisquel_11.0_amd64.iso.sha256 trisquel_11.0_amd64.iso
trisquel_11.0_amd64.iso: OK
sha256sum: trisquel_11.0_amd64.iso: no properly formatted SHA256 checksum lines found
also
$ sha256sum trisquel_11.0_amd64.iso && cat trisquel_11.0_amd64.iso.sha256
a20e38854260b9f9ed326d767541d190856d871414e78d6fc0536e94c34c3188 trisquel_11.0_amd64.iso
a20e38854260b9f9ed326d767541d190856d871414e78d6fc0536e94c34c3188 trisquel_11.0_amd64.iso
I assume "no properly formatted SHA256 checksum lines found" is nothing to worry about.
I am not sure what you are trying to do. For questions like these, it would be helpful to add to your post:
1. What you want to do.
2. What is going wrong. (including error messages and such)
Are you just trying to compute the fingerprint of a key? Then you can just do that with ssh-keygen, like this:
ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub
That will print the fingerprint, along with some other information.
In fact, it returns the same fingerprint as the pipe chain in your post, at least when I tested it.
liberpoolesque, Clarity is a good thing:)
"I am not sure what you are trying to do. For questions like these, it would be helpful to add to your post:
1. What you want to do.
2. What is going wrong. (including error messages and such)"
Good points.
I was hoping to get jeremy.b to add details to his original post.
Re 'I assume "no properly formatted SHA256 checksum lines found" is nothing to worry about,' I think this is better:
$ sha256sum -c trisquel_11.0_amd64.iso.sha256
trisquel_11.0_amd64.iso: OK
- Inicie sesión ou rexístrese para enviar comentarios