author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-10-28 16:17:38 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-10-28 16:17:38 +0300 |
commit | 2c87e2440cab8f6501faf3a4e2d08dbb43d6c73f (patch) | |
tree | bd1ef869b8e749e0fdc43d11c6c9b4658116684e /src/op_mode/ssh.py | |
parent | 6c514d793b7308e83f03ea337d5d9e068e8c2c89 (diff) | |
parent | ced9ddc3fa635b3bf79b506b0ddfd457b522f5c3 (diff) | |
Merge pull request #2410 from JeffWDH/sagitta
T5653: Command to display SSH server fingerprint
Diffstat (limited to 'src/op_mode/ssh.py')
-rwxr-xr-x | src/op_mode/ssh.py | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/src/op_mode/ssh.py b/src/op_mode/ssh.py
new file mode 100755
index 000000000..4de9521b5
--- /dev/null
+++ b/src/op_mode/ssh.py
@@ -0,0 +1,62 @@
+#!/usr/bin/env python3
+#
+# Copyright 2023 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+import sys
+import glob
+import vyos.opmode
+from vyos.utils.process import cmd
+from vyos.configquery import ConfigTreeQuery
+from tabulate import tabulate
+
+def show_fingerprints(raw: bool, ascii: bool):
+ config = ConfigTreeQuery()
+ if not config.exists("service ssh"):
+ raise vyos.opmode.UnconfiguredSubsystem("SSH server is not enabled.")
+
+ publickeys = glob.glob("/etc/ssh/*.pub")
+
+ if publickeys:
+ keys = []
+ for keyfile in publickeys:
+ try:
+ if ascii:
+ keydata = cmd("ssh-keygen -l -v -E sha256 -f " + keyfile).splitlines()
+ else:
+ keydata = cmd("ssh-keygen -l -E sha256 -f " + keyfile).splitlines()
+ type = keydata[0].split(None)[-1].strip("()")
+ key_size = keydata[0].split(None)[0]
+ fingerprint = keydata[0].split(None)[1]
+ comment = keydata[0].split(None)[2:-1][0]
+ if ascii:
+ ascii_art = "\n".join(keydata[1:])
+ keys.append({"type": type, "key_size": key_size, "fingerprint": fingerprint, "comment": comment, "ascii_art": ascii_art})
+ else:
+ keys.append({"type": type, "key_size": key_size, "fingerprint": fingerprint, "comment": comment})
+ except:
+ # Ignore invalid public keys
+ pass
+ if raw:
+ return keys
+ else:
+ headers = {"type": "Type", "key_size": "Key Size", "fingerprint": "Fingerprint", "comment": "Comment", "ascii_art": "ASCII Art"}
+ output = "SSH server public key fingerprints:\n\n" + tabulate(keys, headers=headers, tablefmt="simple")
+ return output
+ else:
+ if raw:
+ return []
+ else:
+ return "No SSH server public keys are found." |
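Review bot: The bare `except:` around the ssh-keygen call and the field parsing in `show_fingerprints` drops a key from the result on any error, so a listing that operators use to verify host keys can be silently incomplete; it also swallows `KeyboardInterrupt` and `SystemExit`. Catch only the failures expected here, for example `except (OSError, IndexError):` (confirm which exception `cmd` raises on a non-zero exit, since it is defined outside this hunk), and consider reporting the skipped file instead of `pass`. The command line is built by concatenating `keyfile` into a string; if `cmd` hands that string to a shell, a `.pub` filename containing spaces or metacharacters would be misparsed, so wrapping it as `shlex.quote(keyfile)` is cheap hardening even though /etc/ssh is normally writable only by root. Separately, `comment = keydata[0].split(None)[2:-1][0]` keeps only the first word of a multi-word key comment; `" ".join(keydata[0].split(None)[2:-1])` would keep it whole.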