
Sshkeys


You can use these commands to quickly get the SSH fingerprints for all of the server's host keys:

SSH Fingerprints

ssh-keygen -E md5 -lf /etc/ssh/ssh_host_dsa_key.pub
ssh-keygen -E md5 -lf /etc/ssh/ssh_host_ecdsa_key.pub
ssh-keygen -E md5 -lf /etc/ssh/ssh_host_ed25519_key.pub
ssh-keygen -E md5 -lf /etc/ssh/ssh_host_rsa_key.pub
ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub
ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub
ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub

The commands with -E md5 print MD5 hashes, which are used by PuTTY. The commands without it print the fingerprints that will be used by Mac/Linux.

Generating SSH Keys

$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/username/.ssh/id_ed25519): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/username/.ssh/id_ed25519
Your public key has been saved in /home/username/.ssh/id_ed25519.pub
The key fingerprint is:
...

Save the key fingerprint and randomart image; you will use them to verify the key later.

You can repeat this process with other types of keys:

Now, read ~/.ssh/id_ed25519.pub:

$ cat .ssh/id_ed25519.pub

You will add this line to the bottom of ~/.ssh/authorized_keys on the server. So, log in and then edit that file:

$ ssh username@example.ircnow.org
$ vi .ssh/authorized_keys

Alternative SSH Keys

On your desktop PC, you can generate other SSH key types:

$ ssh-keygen -t ecdsa -a 100
$ ssh-keygen -t rsa -b 4096 -o -a 100

Publish SSHFP

To publish your server's SSH host key fingerprints in DNS as SSHFP records, run:

$ ssh-keygen -r ircnow.org 
ircnow.org IN SSHFP 1 1 7251d06cf5cf9312b502388edd93ff924c52a73a
ircnow.org IN SSHFP 1 2 a0f433e68e5ba29f23825b21a23660d94a5b8a814cd71827fb75cfb4e84e4c49
ircnow.org IN SSHFP 2 1 22ccda0cafee42f3e2cc53d5f695244677a1a88f
ircnow.org IN SSHFP 2 2 88fbc099391d1e37330409978e68bdeebc50fe9bc41c5e2fd4a2d29ecde20409
ircnow.org IN SSHFP 3 1 c9a19b42a7165596f0d0e5bfa947232978901dcb
ircnow.org IN SSHFP 3 2 6a9facbb8693644063b1eee91cfce24ada5536ff52df98210fae3d350fffaf34
ircnow.org IN SSHFP 4 1 4dc3d59ef28733c89f83e0e078b10a4a816e2a04
ircnow.org IN SSHFP 4 2 a1f1388dff27d02f942ea5a9e2cb6008ae3e0a61622e5ff2b1ce746b32049152

Replace ircnow.org with your domain. Those records can then be added to your nameserver's zone files.
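
How the MD5 fingerprint, the default SHA256 fingerprint and the SSHFP records above are all derived from the same public key blob, as an added example (not part of the original page or of OpenSSH). The function names, the host example.org and the sample key are assumptions made for illustration; the sample key is constructed and is not a real host key.

```python
import base64
import hashlib
import struct

# SSHFP key algorithm numbers: 1 RSA, 2 DSA, 3 ECDSA, 4 Ed25519.
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 SHA-1, 2 SHA-256.
SSHFP_HASH = {1: hashlib.sha1, 2: hashlib.sha256}

def parse_pubkey(line):
    """Split a .pub line into (key type, decoded key blob)."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    return key_type, blob

def md5_fingerprint(blob):
    """Colon-separated hex, the form ssh-keygen -E md5 -lf prints."""
    digest = hashlib.md5(blob).hexdigest()
    return "MD5:" + ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(blob):
    """Unpadded base64, the form ssh-keygen -lf prints by default."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def sshfp_records(host, line):
    """Build the SHA-1 and SHA-256 SSHFP records for one public key."""
    key_type, blob = parse_pubkey(line)
    algo = 3 if key_type.startswith("ecdsa-sha2-") else SSHFP_ALGO[key_type]
    return [f"{host} IN SSHFP {algo} {fp_type} {h(blob).hexdigest()}"
            for fp_type, h in SSHFP_HASH.items()]

def matches_sshfp(record, line):
    """True if a published SSHFP record belongs to this public key."""
    wanted = " ".join(record.split()).lower()
    host = wanted.split()[0]
    return wanted in (r.lower() for r in sshfp_records(host, line))

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample, not a real host key: 32 fixed bytes in Ed25519 wire format.
SAMPLE_PUB = "ssh-ed25519 " + base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))).decode() + " constructed@example"
```

Passing a line from one of the /etc/ssh/ssh_host_*_key.pub files to sshfp_records lets you compare a record served by your nameserver against the key the server actually holds.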