Extreme Networks

Sorry, those are Linux commands... The private key from EXOS show output can be transformed to be compatible with Linux tools. Those can be used on Linux to view the fingerprint. Unless the key shown by EXOS is encrypted with an unknown password.

The procedure is a bit involved, therefore I did not write down all of the steps.

Erik

Hi Erik,

Thank you for your reply. I am unable to use these commands:

primary.cfg Created by ExtremeXOS version 15.3.5.2 154747 bytes saved on Wed Aug 3 01:58:43 2016
SW1-MGMT.7 # ssh-keygen -y -f
^
%% Invalid input detected at '^' marker.
SW1-MGMT.8 # show ssh2 public-key fingerprint
^
%% Invalid input detected at '^' marker.
SW1-MGMT.9 #

The information you have provided is very useful. But it is related more to the Linux/Unix operation system.

Cheers,
Mykhaylo

To add some more info:

It should be possible to extract the public key from the private key using "ssh-keygen -y -f", but at least EXOS 15.3 shows an encrypted key with unknown passphrase.

An EXOS 21.1 VM shows an unencrypted private key that can be transformed to be used as input to "ssh-keygen -y -f", which correctly extracts the public key in base64 encoded form. This can be used with "ssh-keygen -l -f" to display the fingerprint.

That is quite a tedious procedure, at least a command to show the fingerprint in the switch CLI would be useful.

Erik

Hi,

the output of "show ssh2 private-key" is a hex dump of the ASCII armored private key. The fingerprint shown by PuTTY is a hex dump of an MD5 checksum over the public key.

I'd like to request the introduction of "show ssh2 public-key" and "show ssh2 public-key fingerprint" commands in EXOS. The latter could even expose several fingerprint methods that are currently in use (MD5 hex dump, SHA256 base64 encoded, ASCII art). 🙂

Erik