SSH公開鍵のフィンガープリントリストを作る
前回、check_by_sshを使った監視を行うで、ssh公開鍵のフィンガープリントを確認しておく必要があるという話題に触れましたが、台数が増えると結構面倒です。
今回は、知っていると少しだけ楽になるかも?というTIPSです。
ssh-keyscanコマンドを使うと、接続先の公開鍵フィンガープリントを確認することができます。
実際の出力結果は以下のような感じです。
# ssh-keyscan -t rsa 192.168.xxx.xxx # 192.168.xxx.xxx SSH-2.0-OpenSSH_5.3 192.168.xxx.xxx ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6/kgVNih9VkNb0WR+GvrWtGp0mxLogdBem+NuTyYhZCyFBTZZrb/2OqFvqPR/l3sNSSIwMjtII4+QyARdIcJSYpXVtseeB+9WfNdtMMvc5Een12zUGHpQSGSQ4jo5yoqTla4stJ9s8TSFm5tQvuCB92A/PBmFLjMYNXUhNs1HqX9GaOFCgEEmWBoUAR8KRZB1MmSewV1utzNRhyC933EvwdtTngRGi2Ijnp53zV0MVVbOOqK2FDwkNmp7u0Wirj6TQzQMVnD5jTJpwiGvnpy/7WihPszz3sJsD1uDbVvSxExbZ5di2HEwnnoHfxZQsEAQoneWD8O+ZZOm8tYkhwGXQ==
「-f」オプションをつけるとIPアドレスを書いたファイルから、リストを作成することが可能です。
実際にやってみます。
出力結果をリダイレクトして、ファイルに出力します。
# ssh-keyscan -f iplist.txt > list.txt # 192.168.xxx.100 SSH-2.0-OpenSSH_5.3 # 192.168.xxx.101 SSH-2.0-OpenSSH_5.3 # 192.168.xxx.102 SSH-2.0-OpenSSH_5.3 # 192.168.xxx.103 SSH-2.0-OpenSSH_5.3 # 192.168.xxx.104 SSH-2.0-OpenSSH_5.3 read (192.168.xxx.105): No route to host read (192.168.xxx.106): No route to host read (192.168.xxx.107): No route to host read (192.168.xxx.108): No route to host read (192.168.xxx.109): No route to host read (192.168.xxx.110): No route to host read (192.168.xxx.111): No route to host read (192.168.xxx.112): No route to host read (192.168.xxx.113): No route to host read (192.168.xxx.114): No route to host read (192.168.xxx.115): No route to host read (192.168.xxx.116): No route to host read (192.168.xxx.117): No route to host read (192.168.xxx.118): No route to host read (192.168.xxx.119): No route to host read (192.168.xxx.120): No route to host read (192.168.xxx.121): No route to host read (192.168.xxx.122): No route to host read (192.168.xxx.123): No route to host read (192.168.xxx.124): No route to host read (192.168.xxx.125): No route to host read (192.168.xxx.126): No route to host read (192.168.xxx.127): No route to host read (192.168.xxx.128): No route to host read (192.168.xxx.129): No route to host read (192.168.xxx.130): No route to host # cat list.txt 192.168.xxx.100 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6/kgVNih9VkNb0WR+GvrWtGp0mxLogdBem+NuTyYhZCyFBTZZrb/2OqFvqPR/l3sNSSIwMjtII4+QyARdIcJSYpXVtseeB+9WfNdtMMvc5Een12zUGHpQSGSQ4jo5yoqTla4stJ9s8TSFm5tQvuCB92A/PBmFLjMYNXUhNs1HqX9GaOFCgEEmWBoUAR8KRZB1MmSewV1utzNRhyC933EvwdtTngRGi2Ijnp53zV0MVVbOOqK2FDwkNmp7u0Wirj6TQzQMVnD5jTJpwiGvnpy/7WihPszz3sJsD1uDbVvSxExbZ5di2HEwnnoHfxZQsEAQoneWD8O+ZZOm8tYkhwGXQ== 192.168.xxx.101 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2LgeuAnriWR7pLyFUf3B8/DL/VklLeEyYKgV1kVGcGnzRGq3GkHqFvP4Y7GSVzwqYELWjoWvBCuGGt9Zx1NUML/N9K/zlfevUD3St8lW15TvaTEJpWGHY0nStzi2BZQzX1PklUYmjLvKstlDPSi8Htj1wbQO70bc+TdznvbEeXJN+QboyxgbV8b8BA1lnle7y3HHfCDXl1n2VsRUo5M4T92jEDqdQzimmz2Nh5oZrdDLS3nYDJQ0HXMdYqNEyj0ThS2IzvR8EXrK5Ud1xiJGTKkdb+r62W4oNZCQeNCvK81vHKHD8Xx3WH1dTHTYPkNLqPpXYtZoKF9ZNttq5Hu63w== 192.168.xxx.102 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2LgeuAnriWR7pLyFUf3B8/DL/VklLeEyYKgV1kVGcGnzRGq3GkHqFvP4Y7GSVzwqYELWjoWvBCuGGt9Zx1NUML/N9K/zlfevUD3St8lW15TvaTEJpWGHY0nStzi2BZQzX1PklUYmjLvKstlDPSi8Htj1wbQO70bc+TdznvbEeXJN+QboyxgbV8b8BA1lnle7y3HHfCDXl1n2VsRUo5M4T92jEDqdQzimmz2Nh5oZrdDLS3nYDJQ0HXMdYqNEyj0ThS2IzvR8EXrK5Ud1xiJGTKkdb+r62W4oNZCQeNCvK81vHKHD8Xx3WH1dTHTYPkNLqPpXYtZoKF9ZNttq5Hu63w== 192.168.xxx.103 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2LgeuAnriWR7pLyFUf3B8/DL/VklLeEyYKgV1kVGcGnzRGq3GkHqFvP4Y7GSVzwqYELWjoWvBCuGGt9Zx1NUML/N9K/zlfevUD3St8lW15TvaTEJpWGHY0nStzi2BZQzX1PklUYmjLvKstlDPSi8Htj1wbQO70bc+TdznvbEeXJN+QboyxgbV8b8BA1lnle7y3HHfCDXl1n2VsRUo5M4T92jEDqdQzimmz2Nh5oZrdDLS3nYDJQ0HXMdYqNEyj0ThS2IzvR8EXrK5Ud1xiJGTKkdb+r62W4oNZCQeNCvK81vHKHD8Xx3WH1dTHTYPkNLqPpXYtZoKF9ZNttq5Hu63w== 192.168.xxx.104 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2LgeuAnriWR7pLyFUf3B8/DL/VklLeEyYKgV1kVGcGnzRGq3GkHqFvP4Y7GSVzwqYELWjoWvBCuGGt9Zx1NUML/N9K/zlfevUD3St8lW15TvaTEJpWGHY0nStzi2BZQzX1PklUYmjLvKstlDPSi8Htj1wbQO70bc+TdznvbEeXJN+QboyxgbV8b8BA1lnle7y3HHfCDXl1n2VsRUo5M4T92jEDqdQzimmz2Nh5oZrdDLS3nYDJQ0HXMdYqNEyj0ThS2IzvR8EXrK5Ud1xiJGTKkdb+r62W4oNZCQeNCvK81vHKHD8Xx3WH1dTHTYPkNLqPpXYtZoKF9ZNttq5Hu63w==
「known_hosts」を作るのが少しだけ楽になると思います。
今日はこんなところで。