diff --git a/show_fingerprints.pl b/show_fingerprints.pl index 8648d6dd83969c5c3e014c37b5a56f09b2625fe5..46c2afc417066a7704073a8fccb8a898c8e9d66f 100755 --- a/show_fingerprints.pl +++ b/show_fingerprints.pl @@ -12,6 +12,9 @@ use strict; +my ($version, $has_E)= get_ssh_version(); +my $hash_algorithm= 'MD5'; + my @files= <*.pub>; # print "files: ", join (' ', @files), "\n"; push (@files, <authorized_keys*>); @@ -19,7 +22,10 @@ push (@files, <authorized_keys*>); printf ("%-20s %5s %-51s %-6s %s\n", qw(file size fingerprint type notes)); foreach my $file (@files) { - my @cmd= (qw(ssh-keygen -lE md5 -f), $file); + my @cmd= qw(ssh-keygen -l); + push (@cmd, '-E', $hash_algorithm) if ($has_E); + push (@cmd, '-f', $file); + my $res= `@cmd`; my @lines= split ("\n", $res); foreach my $line (@lines) @@ -28,9 +34,28 @@ foreach my $file (@files) my $type= 'unknown'; if ($notes =~ m#(.+)\s+\((.+)\)#) { ($notes, $type)= ($1, $2) } + $fp= join(':', $hash_algorithm, $fp) unless ($has_E); + + printf ("%-20s %5d %-51s %-6s %s\n", $file, $size, $fp, $type, $notes); + } +} - printf ("%-20s %5d %s %-6s %s\n", $file, $size, $fp, $type, $notes); +sub get_ssh_version +{ + my @cmd= qw(ssh-keygen --version); # apparently, there is way to display the version directly + my $res= `@cmd 2>&1`; + + my $version= 'unknown'; + my $has_E= 0; + foreach my $l (split ("\n", $res)) + { + # print "[$l]\n"; + + if ($l =~ ' -L Print the contents of a certificate.') { $has_E= 0; } + elsif ($l eq ' ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]') { $has_E= 1; } } + + ($version, $has_E); } =head1 TODO