FEATURE REQUEST: Display fingerprint on key creation

[VA1DER]

It would be nice if a key fingerprint was displayed at host key creation. Ass it stands now, there is no way to perform the initial fingerprint verification when you connect.

[janmojzis]

Hello,
tinysshd-printkey prints the fingerprint.
Example:

# tinysshd-makekey keydir
# tinysshd-printkey keydir
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHfU40DKe3EgstiZfl+Tss8ijkh2rj/yxSTdZCE+/GXK

[VA1DER]

No, tinysshd-printkey does not print the fingerprint. It prints the base64 representation of the public key. To get the fingerprint you have to redirect the output to a file, copy that file over to a machine that has OpenSSH, and then use ssh-keygen to display the fingerprint.

# tinysshd-printkey > textkeyfile

Then move textkeyfile to a machine that has openssh, and then

# ssh-keygen -lf textkeyfile

Key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAfBnHfUz3xS8cAFho3Rcfo3gEia08Ge+7JIDVjN+bk
Fingerprint: 256 SHA256:skPLlpa08M2z4cs/7RUEnb3vcaTmCqjOj03kBjozh/M

[janmojzis]

Of course tinysshd-printkey prints the public-key (sorry for the typo "s/fingerprint/public-key/").

But I think You don't need to convert the output to the sha256 fingerprint and check the fingerprint.
You can use the output directly. E.g. directly to the .ssh/known_host file.

echo "`hostname`:22 `tinysshd-printkey /etc/tinyssh/sshkeydir`" >>  .ssh/known_host