cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

How to view ssh public key "fingerprint" on the switch?

How to view ssh public key "fingerprint" on the switch?

Mykhaylo_Skrypk
New Contributor III
Hi Guys,

A quick question for you. How do l view ssh public key "fingerprint" on the switch when presented using PuTTy?

b8dc8ad106314b0bad714f78023659d9_RackMultipart20160804-112266-vmlo9j-key_inline.png


13 REPLIES 13

Erik_Auerswald
Contributor II
Hi,

SSH authenticates both communication endpoints, server and client. The server is authenticated with the public host key in a "trust on first use" model. On the first connection, the fingerprint of the server's public key is displayed to the user, who has to decide whether to trust this key or not. This decision is facilitated by checking the server's public host key's fingerprint out-of-band, e.g. when connected via serial console.

Current EXOS does not support checking the host key fingerprint. šŸ˜ž

To work around this limitation, one can copy the private key of the EXOS switch to e.g. a GNU/Linux system, and then use tools usually available on GNU/Linux to determine the fingerprint. This works for not encrypted private keys only. The private key of a device should not be copied to another system, as such the copied key needs to be securely deleted after generating the fingerprint.

  1. Display private host key on EXOSshow ssh2 private-key
  2. Copy&paste private key to file privkey.exos on GNU/Linux touch privkey.exos chmod 0600 privkey.exos cat > privkey.exos
  3. Convert EXOS key format to OpenSSH format on GNU/Linux touch privkey.openssh chmod 0600 privkey.openssh tr -dc '[:xdigit:]' < privkey.exos | xxd -p -r > privkey.openssh
  4. Generate public key from private key on GNU/Linuxssh-keygen -y -f privkey.openssh > pubkey.openssh
  5. Remove private key files (may not be secure) on GNU/Linuxshred -u privkey.exos privkey.openssh
  6. Generate fingerprint on GNU/Linuxssh-keygen -l -f pubkey.openssh | cut -d' ' -f2
The public key may be disclosed, deletion is not necessary. Step two can be omitted if you copy&paste directly into "tr".

Best regards,
Erik

Hi Erik,

Wow, thanks for this. Really detailed answer.

Thanks all,
Mykhaylo

Very clever Erik. I'll make sure Drew gets this to our Dev team as a point of discussion.

Dorian_Perry
Extreme Employee
Hi,

Try:
"show sshd2 user-key"
"show ssh2 private-key"
GTM-P2G8KFN