Dzahn has uploaded a new change for review. https://gerrit.wikimedia.org/r/280757
Change subject: base: add script to generate fingerprints ...................................................................... base: add script to generate fingerprints This would be useful on all hosts to easily generate ssh fingerprints after a reinstall to give the output to users, like pasting it on: https://wikitech.wikimedia.org/wiki/Help:SSH_Fingerprints It's nice because it also works on older servers without the ssh-keygen -E option and generates both MD5 and SHA-256 fingerprints. Change-Id: I6d5294dffdcfaec8acd85a7ed3dc5b509566182c --- A modules/base/files/environment/gen_fingerprints M modules/base/manifests/environment.pp 2 files changed, 40 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/57/280757/1
diff --git a/modules/base/files/environment/gen_fingerprints b/modules/base/files/environment/gen_fingerprints
new file mode 100644
index 0000000..91eba4d
--- /dev/null
+++ b/modules/base/files/environment/gen_fingerprints
@@ -0,0 +1,32 @@
+#!/bin/bash
+# create ssh fingerprints of a server to paste on
+# https://wikitech.wikimedia.org/wiki/Help:SSH_Fingerprints
+# script by Kepi (http://superuser.com/users/221994/kepi)
+
+
+# standard sshd config path
+SSHD_CONFIG=/etc/ssh/sshd_config
+
+# helper functions
+function tablize {
+ awk '{printf("| %-7s | %-7s | %-47s |\n", $1, $2, $3)}'
+}
+LINE="+---------+---------+-------------------------------------------------+"
+
+# header
+echo $LINE
+echo "Cipher" "Algo" "Fingerprint" | tablize
+echo $LINE
+
+# fingerprints
+for host_key in $(awk '/^HostKey/ {sub(/^HostKey\s+/,"");print $0".pub"};' $SSHD_CONFIG); do
+ cipher=$(echo $host_key | sed -r 's/^.*ssh_host_([^_]+)_key\.pub$/\1/'| tr '[a-z]' '[A-Z]')
+ if [[ -f "$host_key" ]]; then
+ md5=$(ssh-keygen -l -f $host_key | awk '{print $2}')
+ sha256=$(awk '{print $2}' $host_key | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64)
+
+ echo $cipher MD5 $md5 | tablize
+ echo $cipher SHA-256 $sha256 | tablize
+ echo $LINE
+ fi
+done
diff --git a/modules/base/manifests/environment.pp b/modules/base/manifests/environment.pp
index 7bbc57d..48bde33 100644
--- a/modules/base/manifests/environment.pp
+++ b/modules/base/manifests/environment.pp
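Review bot: The `md5=` line labels whatever `ssh-keygen -l -f` prints as MD5, but OpenSSH 6.8 and later print a SHA256 fingerprint by default, so on newer hosts the table would show a SHA-256 value in the MD5 row and users would compare against the wrong hash. Asking for MD5 explicitly and falling back only where `-E` is unsupported keeps the label accurate: `md5=$( { ssh-keygen -E md5 -l -f "$host_key" 2>/dev/null || ssh-keygen -l -f "$host_key"; } | awk '{print $2}')`. The `sha256=` pipeline keeps the trailing `=` padding that OpenSSH omits when it displays a fingerprint, so appending `| tr -d '='` would make the pasted value match what clients show. `\s` in the HostKey `awk` pattern is a GNU extension that other awk implementations may not honour, so `[[:space:]]+` is safer. `$SSHD_CONFIG`, `$host_key` and `$LINE` should also be double-quoted throughout.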
@@ -93,6 +93,14 @@ mode => '0444', } + # script to generate ssh fingerprints of the server + file { '/usr/local/bin/gen_fingerprints': + source => 'puppet:///modules/base/environment/gen_fingerprints', + owner => 'root', + group => 'root', + mode => '0555', + } + ### Core dumps # Write core dumps to /var/tmp/core/core.<host>.<executable>.<pid>.<timestamp>. -- To view, visit https://gerrit.wikimedia.org/r/280757 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I6d5294dffdcfaec8acd85a7ed3dc5b509566182c Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Dzahn <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
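Review bot: The new `file { '/usr/local/bin/gen_fingerprints': }` resource installs a script that pipes through `xxd`, and nothing visible in this hunk ensures that tool is present on every host that gets the base class. Where it is missing, the SHA-256 row would presumably come out empty while the script still prints a table, which is easy to paste without noticing. Either add a `require` on whichever package provides `xxd` in this repository, or have the script check `command -v xxd` and exit with an error before printing anything. The enclosing class starts and ends outside the hunk, so an existing package dependency may already cover this.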
