Building a list of SSH public key fingerprints

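Last time, in "Monitoring with check_by_ssh", I mentioned that the SSH public key fingerprints need to be checked beforehand, but this becomes quite tedious as the number of hosts grows.


This time, here is a tip that may make things a little easier if you know it.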


The ssh-keyscan command retrieves the host public key of the destination, from which its fingerprint can be checked.


The actual output looks like this.

# ssh-keyscan -t rsa 192.168.xxx.xxx
# 192.168.xxx.xxx SSH-2.0-OpenSSH_5.3
192.168.xxx.xxx ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6/kgVNih9VkNb0WR+GvrWtGp0mxLogdBem+NuTyYhZCyFBTZZrb/2OqFvqPR/l3sNSSIwMjtII4+QyARdIcJSYpXVtseeB+9WfNdtMMvc5Een12zUGHpQSGSQ4jo5yoqTla4stJ9s8TSFm5tQvuCB92A/PBmFLjMYNXUhNs1HqX9GaOFCgEEmWBoUAR8KRZB1MmSewV1utzNRhyC933EvwdtTngRGi2Ijnp53zV0MVVbOOqK2FDwkNmp7u0Wirj6TQzQMVnD5jTJpwiGvnpy/7WihPszz3sJsD1uDbVvSxExbZ5di2HEwnnoHfxZQsEAQoneWD8O+ZZOm8tYkhwGXQ==


With the "-f" option, the list can be built from a file containing IP addresses.


Let's try it.
The output is redirected and written to a file.

# ssh-keyscan -f iplist.txt > list.txt
# 192.168.xxx.100 SSH-2.0-OpenSSH_5.3
# 192.168.xxx.101 SSH-2.0-OpenSSH_5.3
# 192.168.xxx.102 SSH-2.0-OpenSSH_5.3
# 192.168.xxx.103 SSH-2.0-OpenSSH_5.3
# 192.168.xxx.104 SSH-2.0-OpenSSH_5.3
read (192.168.xxx.105): No route to host
read (192.168.xxx.106): No route to host
read (192.168.xxx.107): No route to host
read (192.168.xxx.108): No route to host
read (192.168.xxx.109): No route to host
read (192.168.xxx.110): No route to host
read (192.168.xxx.111): No route to host
read (192.168.xxx.112): No route to host
read (192.168.xxx.113): No route to host
read (192.168.xxx.114): No route to host
read (192.168.xxx.115): No route to host
read (192.168.xxx.116): No route to host
read (192.168.xxx.117): No route to host
read (192.168.xxx.118): No route to host
read (192.168.xxx.119): No route to host
read (192.168.xxx.120): No route to host
read (192.168.xxx.121): No route to host
read (192.168.xxx.122): No route to host
read (192.168.xxx.123): No route to host
read (192.168.xxx.124): No route to host
read (192.168.xxx.125): No route to host
read (192.168.xxx.126): No route to host
read (192.168.xxx.127): No route to host
read (192.168.xxx.128): No route to host
read (192.168.xxx.129): No route to host
read (192.168.xxx.130): No route to host

# cat list.txt 
192.168.xxx.100 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6/kgVNih9VkNb0WR+GvrWtGp0mxLogdBem+NuTyYhZCyFBTZZrb/2OqFvqPR/l3sNSSIwMjtII4+QyARdIcJSYpXVtseeB+9WfNdtMMvc5Een12zUGHpQSGSQ4jo5yoqTla4stJ9s8TSFm5tQvuCB92A/PBmFLjMYNXUhNs1HqX9GaOFCgEEmWBoUAR8KRZB1MmSewV1utzNRhyC933EvwdtTngRGi2Ijnp53zV0MVVbOOqK2FDwkNmp7u0Wirj6TQzQMVnD5jTJpwiGvnpy/7WihPszz3sJsD1uDbVvSxExbZ5di2HEwnnoHfxZQsEAQoneWD8O+ZZOm8tYkhwGXQ==
192.168.xxx.101 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2LgeuAnriWR7pLyFUf3B8/DL/VklLeEyYKgV1kVGcGnzRGq3GkHqFvP4Y7GSVzwqYELWjoWvBCuGGt9Zx1NUML/N9K/zlfevUD3St8lW15TvaTEJpWGHY0nStzi2BZQzX1PklUYmjLvKstlDPSi8Htj1wbQO70bc+TdznvbEeXJN+QboyxgbV8b8BA1lnle7y3HHfCDXl1n2VsRUo5M4T92jEDqdQzimmz2Nh5oZrdDLS3nYDJQ0HXMdYqNEyj0ThS2IzvR8EXrK5Ud1xiJGTKkdb+r62W4oNZCQeNCvK81vHKHD8Xx3WH1dTHTYPkNLqPpXYtZoKF9ZNttq5Hu63w==
192.168.xxx.102 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2LgeuAnriWR7pLyFUf3B8/DL/VklLeEyYKgV1kVGcGnzRGq3GkHqFvP4Y7GSVzwqYELWjoWvBCuGGt9Zx1NUML/N9K/zlfevUD3St8lW15TvaTEJpWGHY0nStzi2BZQzX1PklUYmjLvKstlDPSi8Htj1wbQO70bc+TdznvbEeXJN+QboyxgbV8b8BA1lnle7y3HHfCDXl1n2VsRUo5M4T92jEDqdQzimmz2Nh5oZrdDLS3nYDJQ0HXMdYqNEyj0ThS2IzvR8EXrK5Ud1xiJGTKkdb+r62W4oNZCQeNCvK81vHKHD8Xx3WH1dTHTYPkNLqPpXYtZoKF9ZNttq5Hu63w==
192.168.xxx.103 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2LgeuAnriWR7pLyFUf3B8/DL/VklLeEyYKgV1kVGcGnzRGq3GkHqFvP4Y7GSVzwqYELWjoWvBCuGGt9Zx1NUML/N9K/zlfevUD3St8lW15TvaTEJpWGHY0nStzi2BZQzX1PklUYmjLvKstlDPSi8Htj1wbQO70bc+TdznvbEeXJN+QboyxgbV8b8BA1lnle7y3HHfCDXl1n2VsRUo5M4T92jEDqdQzimmz2Nh5oZrdDLS3nYDJQ0HXMdYqNEyj0ThS2IzvR8EXrK5Ud1xiJGTKkdb+r62W4oNZCQeNCvK81vHKHD8Xx3WH1dTHTYPkNLqPpXYtZoKF9ZNttq5Hu63w==
192.168.xxx.104 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2LgeuAnriWR7pLyFUf3B8/DL/VklLeEyYKgV1kVGcGnzRGq3GkHqFvP4Y7GSVzwqYELWjoWvBCuGGt9Zx1NUML/N9K/zlfevUD3St8lW15TvaTEJpWGHY0nStzi2BZQzX1PklUYmjLvKstlDPSi8Htj1wbQO70bc+TdznvbEeXJN+QboyxgbV8b8BA1lnle7y3HHfCDXl1n2VsRUo5M4T92jEDqdQzimmz2Nh5oZrdDLS3nYDJQ0HXMdYqNEyj0ThS2IzvR8EXrK5Ud1xiJGTKkdb+r62W4oNZCQeNCvK81vHKHD8Xx3WH1dTHTYPkNLqPpXYtZoKF9ZNttq5Hu63w==


I think this makes building "known_hosts" a little easier.
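
ssh-keyscan prints the raw keys it received over the network, so before list.txt is used as known_hosts each key's fingerprint still has to be compared with the value read on the server itself. The following Python is an added example, not part of the original post: it parses ssh-keyscan output, computes the MD5 colon-hex and SHA256 fingerprints, and reports hosts that present the same host key, as 192.168.xxx.101 to 192.168.xxx.104 do in the listing above. The sample keys and the 192.0.2.x addresses are constructed.

```python
import base64, hashlib
from collections import defaultdict

def parse_keyscan(text):
    """Yield (host, keytype, blob) per key line; skip banners, error noise, mismatched types."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        host, keytype, b64 = parts[:3]
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:  # not base64, e.g. "read (host): No route to host"
            continue
        n = int.from_bytes(blob[:4], "big")  # blob begins with a length-prefixed key type
        if len(blob) < 4 or blob[4:4 + n] != keytype.encode():
            continue
        yield host, keytype, blob

def fingerprints(blob):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a decoded key blob."""
    md5 = ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def shared_keys(text):
    """Map SHA256 fingerprint -> hosts, only for keys presented by more than one host."""
    groups = defaultdict(list)
    for host, _, blob in parse_keyscan(text):
        groups[fingerprints(blob)[1]].append(host)
    return {fp: hosts for fp, hosts in groups.items() if len(hosts) > 1}

def _toy_blob(modulus):
    """Constructed ssh-rsa blob (string "ssh-rsa", mpint e=35, mpint n); not a real key."""
    fields = [b"ssh-rsa", b"\x23", modulus]
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

_A, _B = (base64.b64encode(_toy_blob(b"\x00" + bytes([c]) * 16)).decode() for c in (0xA1, 0xB2))
# Constructed sample in ssh-keyscan's format, as if captured with 2>&1.
SAMPLE = f"""# 192.0.2.100 SSH-2.0-OpenSSH_5.3
192.0.2.100 ssh-rsa {_A}
192.0.2.101 ssh-rsa {_B}
192.0.2.102 ssh-rsa {_B}
read (192.0.2.105): No route to host
"""
if __name__ == "__main__":
    for host, keytype, blob in parse_keyscan(SAMPLE):
        print(host, keytype, *fingerprints(blob))
    print("shared host keys:", shared_keys(SAMPLE))
```

A key shared by several hosts usually means they were cloned from one image without regenerating host keys, so a fingerprint match no longer tells those machines apart.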


That's all for today.