https://github.com/ndejong/ssh-knownhost
Get known_hosts based on their ssh-fingerprints - preventing man-in-the middle situations
https://github.com/ndejong/ssh-knownhost
Last synced: about 1 month ago
JSON representation
Get known_hosts based on their ssh-fingerprints - preventing man-in-the middle situations
- Host: GitHub
- URL: https://github.com/ndejong/ssh-knownhost
- Owner: ndejong
- License: apache-2.0
- Created: 2018-03-10T09:39:15.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2018-07-12T09:25:47.000Z (almost 7 years ago)
- Last Synced: 2025-02-10T06:14:12.841Z (3 months ago)
- Language: Shell
- Homepage:
- Size: 5.86 KB
- Stars: 2
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# ssh-knownhost
Tool that combines `ssh-keyscan` with `ssh-keygen` to echo to stdout the required
string for your .ssh/known_hosts file if the fingerprint of the remote ssh-server
matches the provided fingerprint.
This allows you to easily add fingerprint verified entries to the `.ssh/known_hosts`
file without the run-around.
## Examples
Check the remote ssh-server has the provided SHA256 fingerprint and echo the
known_hosts entry to stdout
```
$ ssh-knownhost git-codecommit.us-east-2.amazonaws.com 3lBlW2g5xn/NA2Ck6dyeJIrQOWvn7n8UEs56fG6ZIzQ
|1|rc1EFpa3dGvQocfQVp5n77zvlFY=|ca6xmx4sxubSrqX9eqtcn/Dj9hg= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCNbmnXfe621xtVMkrwOqf6QNIlnOKkQ01KoM6gKC4nv5T08hbGcGp6iYplGLKMLlki+auO1J3JTA3qAKDobZR1wDqtW9LC2k46GHV4YigUpd6D+YdranJqbxpGOuNd6c1EP50vQnlW9MxZYExyrZKT0UfOJAydQLoWPuSioyHk3zAltSIrCxczP3jxAhuoq++eUrdC5uF6UMNJC10eBA9XglAe2oRLzApoStyCAiKVnoBndU2NpJWqNw0K5qfEUx2vyQFfHNRAwNNRDFtkdE9ho255YECTO07Zg37QCZ+hV5VAoFRu5CHSXqVZc5YN1YXkZ8SVHyBX7krO80QaaDor
```
Check the remote ssh-server has the provided MD5 fingerprint and echo to stdout
```
$ ssh-knownhost git-codecommit.us-east-2.amazonaws.com a9:6d:03:ed:08:42:21:be:06:e1:e0:2a:d1:75:31:5e
|1|rc1EFpa3dGvQocfQVp5n77zvlFY=|ca6xmx4sxubSrqX9eqtcn/Dj9hg= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCNbmnXfe621xtVMkrwOqf6QNIlnOKkQ01KoM6gKC4nv5T08hbGcGp6iYplGLKMLlki+auO1J3JTA3qAKDobZR1wDqtW9LC2k46GHV4YigUpd6D+YdranJqbxpGOuNd6c1EP50vQnlW9MxZYExyrZKT0UfOJAydQLoWPuSioyHk3zAltSIrCxczP3jxAhuoq++eUrdC5uF6UMNJC10eBA9XglAe2oRLzApoStyCAiKVnoBndU2NpJWqNw0K5qfEUx2vyQFfHNRAwNNRDFtkdE9ho255YECTO07Zg37QCZ+hV5VAoFRu5CHSXqVZc5YN1YXkZ8SVHyBX7krO80QaaDor
```
Check the remote ssh-server has the provided SHA256 fingerprint and append the
output to ~/.ssh/known_hosts
```
$ ssh-knownhost git-codecommit.us-east-2.amazonaws.com 3lBlW2g5xn/NA2Ck6dyeJIrQOWvn7n8UEs56fG6ZIzQ >> ~/.ssh/known_hosts
```
Deliberatly using a bad fingerprint value
```
$ ssh-knownhost git-codecommit.us-east-2.amazonaws.com bad-fingerprint-value
No matching fingerprint
```
## Some AWS CodeCommit known SSH server fingerprints
* https://docs.aws.amazon.com/codecommit/latest/userguide/regions.html#regions-fingerprints
## Authors
This code is managed by [Verb Networks](https://github.com/verbnetworks).
## License
Apache 2 Licensed. See LICENSE file for full details.