summaryrefslogtreecommitdiff
path: root/src/op_mode/ssh.py
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2023-10-28 16:17:38 +0300
committerGitHub <noreply@github.com>2023-10-28 16:17:38 +0300
commit2c87e2440cab8f6501faf3a4e2d08dbb43d6c73f (patch)
treebd1ef869b8e749e0fdc43d11c6c9b4658116684e /src/op_mode/ssh.py
parent6c514d793b7308e83f03ea337d5d9e068e8c2c89 (diff)
parentced9ddc3fa635b3bf79b506b0ddfd457b522f5c3 (diff)
downloadvyos-1x-2c87e2440cab8f6501faf3a4e2d08dbb43d6c73f.tar.gz
vyos-1x-2c87e2440cab8f6501faf3a4e2d08dbb43d6c73f.zip
Merge pull request #2410 from JeffWDH/sagitta
T5653: Command to display SSH server fingerprint
Diffstat (limited to 'src/op_mode/ssh.py')
-rwxr-xr-xsrc/op_mode/ssh.py62
1 files changed, 62 insertions, 0 deletions
diff --git a/src/op_mode/ssh.py b/src/op_mode/ssh.py
new file mode 100755
index 000000000..4de9521b5
--- /dev/null
+++ b/src/op_mode/ssh.py
@@ -0,0 +1,62 @@
+#!/usr/bin/env python3
+#
+# Copyright 2023 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+import sys
+import glob
+import vyos.opmode
+from vyos.utils.process import cmd
+from vyos.configquery import ConfigTreeQuery
+from tabulate import tabulate
+
+def show_fingerprints(raw: bool, ascii: bool):
+ config = ConfigTreeQuery()
+ if not config.exists("service ssh"):
+ raise vyos.opmode.UnconfiguredSubsystem("SSH server is not enabled.")
+
+ publickeys = glob.glob("/etc/ssh/*.pub")
+
+ if publickeys:
+ keys = []
+ for keyfile in publickeys:
+ try:
+ if ascii:
+ keydata = cmd("ssh-keygen -l -v -E sha256 -f " + keyfile).splitlines()
+ else:
+ keydata = cmd("ssh-keygen -l -E sha256 -f " + keyfile).splitlines()
+ type = keydata[0].split(None)[-1].strip("()")
+ key_size = keydata[0].split(None)[0]
+ fingerprint = keydata[0].split(None)[1]
+ comment = keydata[0].split(None)[2:-1][0]
+ if ascii:
+ ascii_art = "\n".join(keydata[1:])
+ keys.append({"type": type, "key_size": key_size, "fingerprint": fingerprint, "comment": comment, "ascii_art": ascii_art})
+ else:
+ keys.append({"type": type, "key_size": key_size, "fingerprint": fingerprint, "comment": comment})
+ except:
+ # Ignore invalid public keys
+ pass
+ if raw:
+ return keys
+ else:
+ headers = {"type": "Type", "key_size": "Key Size", "fingerprint": "Fingerprint", "comment": "Comment", "ascii_art": "ASCII Art"}
+ output = "SSH server public key fingerprints:\n\n" + tabulate(keys, headers=headers, tablefmt="simple")
+ return output
+ else:
+ if raw:
+ return []
+ else:
+ return "No SSH server public keys are found."