This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

How to view ssh public key "fingerprint" on the switch?

How to view ssh public key "fingerprint" on the switch?

Mykhaylo_Skrypk
New Contributor III

ā€Ž08-04-2016 02:20 PM

Hi Guys,

A quick question for you. How do l view ssh public key "fingerprint" on the switch when presented using PuTTy?

b8dc8ad106314b0bad714f78023659d9_RackMultipart20160804-112266-vmlo9j-key_inline.png


0 Kudos
13 REPLIES 13

Mykhaylo_Skrypk
New Contributor III
In response to Dorian_Perry

ā€Ž08-04-2016 04:04 PM

Hi Erik,

Ok good. Now l understood the whole process.

Thanks,
Mykhaylo
0 Kudos

Erik_Auerswald
Contributor II
In response to Dorian_Perry

ā€Ž08-04-2016 04:04 PM

Sorry, those are Linux commands... The private key from EXOS show output can be transformed to be compatible with Linux tools. Those can be used on Linux to view the fingerprint. Unless the key shown by EXOS is encrypted with an unknown password.

The procedure is a bit involved, therefore I did not write down all of the steps.

Erik
0 Kudos

Mykhaylo_Skrypk
New Contributor III
In response to Dorian_Perry

ā€Ž08-04-2016 04:04 PM

Hi Erik,

Thank you for your reply. I am unable to use these commands:

primary.cfg Created by ExtremeXOS version 15.3.5.2 154747 bytes saved on Wed Aug 3 01:58:43 2016
SW1-MGMT.7 # ssh-keygen -y -f
^
%% Invalid input detected at '^' marker.
SW1-MGMT.8 # show ssh2 public-key fingerprint
^
%% Invalid input detected at '^' marker.
SW1-MGMT.9 #

The information you have provided is very useful. But it is related more to the Linux/Unix operation system.

Cheers,
Mykhaylo

0 Kudos

Erik_Auerswald
Contributor II
In response to Dorian_Perry

ā€Ž08-04-2016 04:04 PM

To add some more info:

It should be possible to extract the public key from the private key using "ssh-keygen -y -f", but at least EXOS 15.3 shows an encrypted key with unknown passphrase.

An EXOS 21.1 VM shows an unencrypted private key that can be transformed to be used as input to "ssh-keygen -y -f", which correctly extracts the public key in base64 encoded form. This can be used with "ssh-keygen -l -f" to display the fingerprint.

That is quite a tedious procedure, at least a command to show the fingerprint in the switch CLI would be useful.

Erik
0 Kudos

Erik_Auerswald
Contributor II
In response to Dorian_Perry

ā€Ž08-04-2016 04:04 PM

Hi,

the output of "show ssh2 private-key" is a hex dump of the ASCII armored private key. The fingerprint shown by PuTTY is a hex dump of an MD5 checksum over the public key.

I'd like to request the introduction of "show ssh2 public-key" and "show ssh2 public-key fingerprint" commands in EXOS. The latter could even expose several fingerprint methods that are currently in use (MD5 hex dump, SHA256 base64 encoded, ASCII art). šŸ™‚

Erik
0 Kudos
GTM-P2G8KFN