Aws-cli: Add ec2 fingerprint-key command

Created on 20 Jul 2013 · 8 Comments · Source: aws/aws-cli

This command mimics the one in the legacy EC2 CLI tool and computes the fingerprint of a locally stored SSH private key file.

automation-exempt blocked feature-request

All 8 comments

Will this require a crypto lib?

It shouldn't. It's supposed to just be the hexdigest of the MD5 checksum of the public key with a bit of manipulation of the hexdigest characters. See:

http://stackoverflow.com/questions/6682815/deriving-an-ssh-fingerprint-from-a-public-key-in-python

But at the moment, I'm having trouble getting this value to match that returned by an aws ec2 describe-key-pairs request so I'm looking into this a bit more.

Doesn't the legacy command take a pem file though? http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-FingerprintKey.html

In which case we'd need pem/der conversion wouldn't we?

Hmm. Yes, you are right. That's kind of weird to compute the fingerprint
from the private key file. That's not how openssl computes it. Are they
just extracting the public key from the pem file and then generating the
fingerprint from that? It's not really very well specified and I can't
seem to get any variation of the fingerprint that I'm generating locally to
match what EC2 is sending me.

On Mon, Jul 22, 2013 at 10:46 AM, James Saryerwinnie wrote:

> Doesn't the legacy command take a pem file though?
> http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-FingerprintKey.html
>
> In which case we'd need pem/der conversion wouldn't we?


@garnaat This should generate a fingerprint of your public key locally that matches AWS's:

ssh-keygen -f ~/.ssh/id_rsa.pub -e -m PKCS8 | openssl pkey -pubin -outform DER | openssl md5 -c

I haven't tried doing this in python yet. I might take a crack at it if I have some spare time, and if you don't beat me to it.
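
The pipeline in the comment above feeds MD5 the DER-encoded SubjectPublicKeyInfo of the public key, not the raw OpenSSH key blob that an OpenSSH-style MD5 fingerprint covers, so the two values differ for the same key. As an added example (not code from this thread or from aws-cli), the following Python computes both for an RSA key using only the standard library; the function names and the toy `SAMPLE` key are assumptions made here.

```python
import base64
import hashlib

# DER AlgorithmIdentifier: rsaEncryption (1.2.840.113549.1.1.1) with NULL parameters.
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")
# Constructed toy key (n=3233, e=65537) for illustration; not a usable key.
SAMPLE = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAAgyh constructed-toy-key"

def _tlv(tag, body):
    # DER tag-length-value; lengths of 128 bytes or more use the long form.
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def _der_int(value):
    # bit_length // 8 + 1 bytes is minimal and keeps the sign bit clear.
    return _tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def parse_ssh_rsa(line):
    """Return (n, e, wire_blob) from an 'ssh-rsa <base64> [comment]' line."""
    blob = base64.b64decode(line.split()[1], validate=True)
    fields, off = [], 0
    while off < len(blob):  # each field: 4-byte big-endian length, then data
        end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
        if end > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[off + 4:end])
        off = end
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key")
    e, n = (int.from_bytes(f, "big") for f in fields[1:])  # wire order: e, n
    return n, e, blob

def spki_der(n, e):
    # SubjectPublicKeyInfo { algorithm, BIT STRING { RSAPublicKey { n, e } } }
    rsa_key = _tlv(0x30, _der_int(n) + _der_int(e))
    return _tlv(0x30, RSA_ALG_ID + _tlv(0x03, b"\x00" + rsa_key))

def _md5_colons(data):
    return hashlib.md5(data, usedforsecurity=False).digest().hex(":")

def ec2_fingerprint(line):
    # Same bytes the thread's ssh-keygen | openssl pkey pipeline feeds to MD5.
    return _md5_colons(spki_der(*parse_ssh_rsa(line)[:2]))

def openssh_md5_fingerprint(line):
    # MD5 of the raw SSH wire blob: the OpenSSH-style value, which differs.
    return _md5_colons(parse_ssh_rsa(line)[2])
```

To use it on a real key, pass the contents of an RSA `.pub` file to `ec2_fingerprint`; other key types are rejected with `ValueError`.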

@sbillig - confirmed that works. Just in case anyone else stumbles upon this. Thanks

Good Morning!

We're closing this issue here on GitHub, as part of our migration to UserVoice for feature requests involving the AWS CLI.

This will let us get the most important features to you, by making it easier to search for and show support for the features you care the most about, without diluting the conversation with bug reports.

As a quick UserVoice primer (if not already familiar): after an idea is posted, people can vote on the ideas, and the product team will be responding directly to the most popular suggestions.

We’ve imported existing feature requests from GitHub - Search for this issue there!

And don't worry, this issue will still exist on GitHub for posterity's sake. As it’s a text-only import of the original post into UserVoice, we’ll still be keeping in mind the comments and discussion that already exist here on the GitHub issue.

GitHub will remain the channel for reporting bugs.

Once again, this issue can now be found by searching for the title on: https://aws.uservoice.com/forums/598381-aws-command-line-interface

-The AWS SDKs & Tools Team

Based on community feedback, we have decided to return feature requests to GitHub issues.
