2014-02-26 06:11:39 +01:00
== Publish SSH Host Key Fingerprints in DNS ==
Typically, ssh-keygen creates key pairs with the following .pub files:
<source lang="bash">
/etc/ssh/ssh_host_rsa_key.pub
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_ecdsa_key.pub
</source>
A typical SSHFP record looks like this:
<source lang="bash">
server.hq.c3d2.de. 86400 IN SSHFP 2 1 2492656260c5452d5c5452c6d21ea770f79bb9c8
</source>
The 2 specifies the type of the SSH key; the possible values are:
{{NiftyDiv|
Farbe=#b4d9fa|
Inhalt=
Value: '''0''' Algorithm name: '''reserved'''
Value: '''1''' Algorithm name: '''RSA'''
Value: '''2''' Algorithm name: '''DSA'''
Value: '''3''' Algorithm name: '''ECDSA'''
}}
see RFC 6594

The 1 specifies the hash algorithm:
{{NiftyDiv|
Farbe=#b4d9fa|
Inhalt=
Value: '''1''' Algorithm name: '''SHA1'''
Value: '''2''' Algorithm name: '''SHA256'''
}}
see RFC 6594

The fingerprint is computed with:
<source lang="bash">
awk '{print $2}' /etc/ssh/ssh_host_dsa_key.pub | openssl base64 -d -A | openssl sha1
</source>
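
As an added example (not part of the original wiki page): the same calculation in Python, generalized to all three key types and both hash types from the tables above, plus a check that a published record still matches a host key. The helper <code>constructed_key</code> and its sample value are constructed for illustration and are not a real key.

```python
import base64
import hashlib
import struct

# Key-type and hash-type numbers from the two tables on this page.
KEY_ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2}
HASH_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}

def parse_pubkey(line):
    """Return (SSHFP key-type number, raw key blob) for one .pub file line."""
    key_type, b64_blob = line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or edited and must not be published.
    name_len = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else -1
    if name_len < 0 or blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key blob does not match key type " + key_type)
    if key_type.startswith("ecdsa-sha2-"):
        return 3, blob
    if key_type not in KEY_ALGORITHMS:
        raise ValueError("no SSHFP number in the tables for " + key_type)
    return KEY_ALGORITHMS[key_type], blob

def sshfp_records(hostname, pubkey_line, ttl=86400):
    """Build one SSHFP record per hash type for the given host key."""
    algorithm, blob = parse_pubkey(pubkey_line)
    owner = hostname.rstrip(".") + "."
    return ["%s %d IN SSHFP %d %d %s" % (owner, ttl, algorithm, number,
                                         HASH_TYPES[number](blob).hexdigest())
            for number in sorted(HASH_TYPES)]

def record_matches(record, pubkey_line):
    """True if a published SSHFP record was derived from this public key."""
    algorithm, hash_type, fingerprint = record.split()[-3:]
    key_algorithm, blob = parse_pubkey(pubkey_line)
    if int(algorithm) != key_algorithm or int(hash_type) not in HASH_TYPES:
        return False
    return HASH_TYPES[int(hash_type)](blob).hexdigest() == fingerprint.lower()

def constructed_key(key_type, body):
    """Constructed sample input: correct framing, but not a real key."""
    name = key_type.encode("ascii")
    blob = struct.pack(">I", len(name)) + name + body
    return key_type + " " + base64.b64encode(blob).decode("ascii") + " root@example"

if __name__ == "__main__":
    sample = constructed_key("ssh-dss", b"\x00" * 32)
    for record in sshfp_records("server.hq.c3d2.de", sample):
        print(record, record_matches(record, sample))
```
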