#!/bin/bash

# Original from:
# https://superuser.com/questions/929566/sha256-ssh-fingerprint-given-by-the-client-but-only-md5-fingerprint-known-for-sex
#
# This file applies to older OpenSSH than 6.8 where -E parameter for ssh-keygen is not supported.
# 
# Modified by Edmund Laugasson
#
# Run current script:
# source script.sh

# Set US English as default language for current script
LC_ALL=C

# standard sshd config path
SSHD_CONFIG=/etc/ssh/sshd_config

# helper functions
function tablize {
        awk '{printf("| %-7s | %-66s |\n", $1, $3)}'
}
LINE="+---------+--------------------------------------------------------------------+"

# header
echo $LINE
echo "Cipher" "Fingerprint" "Fingerprint" | tablize
echo $LINE

# fingerprints
for host_key in $(awk '/^HostKey/ {sub(/^HostKey\s+/,"");print $0".pub"};' $SSHD_CONFIG); do
        cipher=$(echo $host_key | sed -r 's/^.*ssh_host_([^_]+)_key\.pub$/\1/'| tr '[a-z]' '[A-Z]')
        if [[ -f "$host_key" ]]; then
                md5=$(ssh-keygen -l -f $host_key | awk '{print $2}')
                sha256=$(awk '{print $2}' $host_key | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64 | rev | cut -d'=' -f2 | rev)
                bbd=$(ssh-keygen -B -f $host_key | awk '{print $2}')

                echo $cipher MD5 `echo "MD5:"`$md5 | tablize
                echo $cipher SHA256 `echo "SHA256:"`$sha256 | tablize
                echo $cipher BBD $bbd | tablize
                echo $LINE
        fi
done

# BBD - easy to memorize bubblebabble digest
# man ssh-keygen and search bubblebabble