October 22, 2012
Question

Feature Request (EC2): Show SSH Fingerprints in console


Hi,

It would be nice if you added something like

bash -c 'for f in /etc/ssh/*.pub; do ssh-keygen -lf "$f"; done'

to /etc/rc.local on your EC2 AMI - this would display the SSH key fingerprints in the console output (which can be securely obtained from the EC2 console or command line tools). Without a secure way to obtain these fingerprints it is not possible to detect a man-in-the-middle attack on the first SSH connection to the server.

My current workaround is to place the following script as the EC2 user data file:

#!/bin/bash
set -o nounset
set -o errexit

# Dump SSH host key fingerprints to the console so they show up in the
# EC2 console output; glob the .pub files directly rather than parsing ls
for f in /etc/ssh/*.pub; do ssh-keygen -lf "$f"; done > /dev/console

However it would be nice if this functionality was built into the AMI as I'm not currently needing the user data mechanism for anything else.

Cheers,

Dave
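The client-side half of the check the post describes, comparing the host key a server actually offers with the fingerprints dumped to the console, as an added shell example that is not code from the post or from AWS. It assumes GNU coreutils (base64, md5sum) and the MD5 hex fingerprint format ssh-keygen -l printed at the time; the key blob and console output are constructed samples, not a real key.

```shell
#!/bin/sh
# Added example (not from the post): verify an EC2 host key against the
# fingerprints the rc.local snippet writes to the console output.
# Assumes GNU coreutils and the MD5 colon-hex fingerprint format of the era.

# Constructed sample of the console output after the snippet ran; the key
# sizes, paths and fingerprints are made up, not taken from a real instance.
CONSOLE_OUTPUT='... boot messages ...
2048 5d:41:40:2a:bc:4b:2a:76:b9:71:9d:91:10:17:c5:92 /etc/ssh/ssh_host_rsa_key.pub (RSA)
1024 d4:1d:8c:d9:8f:00:b2:04:e9:80:09:98:ec:f8:42:7e /etc/ssh/ssh_host_dsa_key.pub (DSA)'

# Constructed sample of what `ssh-keyscan <host>` would return. The blob is
# base64("hello"), not a real key, chosen so the MD5 is easy to verify by hand.
SCANNED_KEY='ec2-host ssh-rsa aGVsbG8='

# MD5 fingerprint of an OpenSSH public-key line ("type blob [comment]"),
# computed the way ssh-keygen -l did before SHA256 fingerprints: base64-decode
# the blob, MD5 it, and print the hex digest as colon-separated bytes.
md5_fingerprint() {
    blob=$(printf '%s\n' "$1" | awk '{print $2}')
    printf '%s' "$blob" | base64 -d | md5sum | awk '{print $1}' \
        | sed 's/../&:/g; s/:$//'
}

# Return 0 if the fingerprint of the key the host offers appears in the console
# output obtained out-of-band, 1 otherwise (the first connection may be
# intercepted and the key should not be trusted).
verify_host_key() {
    keyline=$1   # "host type blob" as printed by ssh-keyscan
    console=$2
    fp=$(md5_fingerprint "$(printf '%s\n' "$keyline" | cut -d' ' -f2-)")
    # fingerprint is surrounded by spaces in ssh-keygen -l output lines
    printf '%s\n' "$console" | grep -Fq " $fp " && return 0
    return 1
}

# Usage: fetch the console output with the EC2 tools, scan the host, compare.
if verify_host_key "$SCANNED_KEY" "$CONSOLE_OUTPUT"; then
    echo "host key matches console fingerprint"
else
    echo "host key NOT found in console output - do not connect"
fi
```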


    1 reply

    October 30, 2012

    Hi Dave,

    Thanks for using our services on AWS. This is really valuable and will surely be considered in our subsequent releases.

    Cheers,

    Shiven