sshkey icon indicating copy to clipboard operation
sshkey copied to clipboard
verified publisher icon bensie

Update SSHKey to generate fingerprint like ssh-keygen

Open kulkarniamit opened this issue 11 months ago • 0 comments

Hi @bensie, SHA256 fingerprint of an SSH public key generated by SSHKey differs from the fingerprint generated by ssh-keygen by 1 character. This is due to the truncating of padding character (=) from the end by ssh-keygen. This PR allows SSHKey to generate a SHA256 fingerprint that matches the one generated by ssh-keygen.

Goal

Match the SHA256 fingerprint of SSH public key generated by SSHKey with the fingerprint generated by ssh-keygen tool.

Changes in this PR

Truncate the padding character at the end just like ssh-keygen.

How to reproduce the difference

$ gem info sshkey

*** LOCAL GEMS ***

sshkey (3.0.0)
    Author: James Miller
    Homepage: https://github.com/bensie/sshkey
    License: MIT
    Installed at: /home/alice/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0

    SSH private/public key generator in Ruby

# Example with ECDSA public key
$ ruby -e "require 'sshkey'; puts SSHKey.sha256_fingerprint(File.read(File.expand_path('~/.ssh/id_ecdsa.pub')))"
LIqQxCAptj+dI1b9KeIt4MO+AbMNi3Sir3fHJnlu7Ok=

$ ssh-keygen -lf ~/.ssh/id_ecdsa.pub | awk '{print $2}'
SHA256:LIqQxCAptj+dI1b9KeIt4MO+AbMNi3Sir3fHJnlu7Ok

# Example with RSA public key
$ ruby -e "require 'sshkey'; puts SSHKey.sha256_fingerprint(File.read(File.expand_path('~/.ssh/id_rsa.pub')))"
9i5plIF1/V/SuIZ93z436UUjao9BarrKVlCiKvLXu40=

$ ssh-keygen -lf ~/.ssh/id_rsa.pub | awk '{print $2}'
SHA256:9i5plIF1/V/SuIZ93z436UUjao9BarrKVlCiKvLXu40

# Example with Ed25519 public key
$ ruby -e "require 'sshkey'; puts SSHKey.sha256_fingerprint(File.read(File.expand_path('~/.ssh/id_ed25519.pub')))"
fgpU2GCUwmf3Ux2ldSXAD9ztEEUEodTudzepOFc1O94=

$ ssh-keygen -lf ~/.ssh/id_ed25519.pub | awk '{print $2}'
SHA256:fgpU2GCUwmf3Ux2ldSXAD9ztEEUEodTudzepOFc1O94

Truncation in ssh-keygen

https://github.com/openssh/openssh-portable/blob/922e54bbfe8c8479453693ef52350338f0c19124/sshkey.c#L1045-L1046

Testing

$ bundle exec rake test                                                                                                                   
/home/alice/.rbenv/versions/3.1.2/bin/ruby -w -I"lib:lib:test" /home/alice/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/rake-13.2.1/lib/rake/rake_test_loader.rb "test/sshkey
_test.rb"                                                                                                                                                                              
Loaded suite /home/alice/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/rake-13.2.1/lib/rake/rake_test_loader                                                                      
Started                                                                                                                                                                                
Finished in 0.984953933 seconds.                                                                                                                                                       
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
39 tests, 169 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications                                                                                               
100% passed                                                                                                                                                                            
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
39.60 tests/s, 171.58 assertions/s

kulkarniamit avatar Feb 22 '25 00:02 kulkarniamit