What is the SHA256 that comes on the sshd entry in auth.log?

Solution 1:

This is the SHA256 hash for the RSA public key which was used to authenticate the SSH session.

This is how to verify it:

ssh-keygen -lf .ssh/id_rsa.pub

Or, to verify without ssh-keygen:

  • Remove the ssh-rsa prefix
  • Decode the key to bytes using base64
  • Get the SHA256 hash for the key (as bytes, not hex)
  • Encode the bytes using base64

For example:

cat .ssh/id_rsa.pub    |
    awk '{ print $2 }' | # Only the actual key data without prefix or comments
    base64 -d          | # decode as base64
    sha256sum          | # SHA256 hash (returns hex)
    awk '{ print $1 }' | # only the hex data
    xxd -r -p          | # hex to bytes
    base64               # encode as base64
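
The same four steps applied to the log side, as an added example that is not part of the original answers: it pulls the fingerprint out of an sshd "Accepted publickey" line and finds which `authorized_keys` entry produced it. Python is used so the `base64 -d` / `base64 -D` difference does not matter; the function names, the key blobs and the log line are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

# Key type, then the base64 blob; tolerates an options prefix and a comment.
KEY_RE = re.compile(r'(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.+-]+)\s+([A-Za-z0-9+/]+={0,2})')
# The fingerprint as sshd writes it on an "Accepted publickey" line.
LOG_RE = re.compile(
    r'Accepted publickey for (\S+) from (\S+) port \d+ ssh2: (\S+) (SHA256:[A-Za-z0-9+/]+)')

def fingerprint_blob(blob: bytes) -> str:
    """SHA256 over the raw key bytes, base64 encoded.
    OpenSSH prints the value without '=' padding, so it is stripped here."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def fingerprint_line(line: str):
    """Fingerprint of one public-key line, or None if it holds no valid key."""
    m = KEY_RE.search(line)
    if not m:
        return None
    try:
        return fingerprint_blob(base64.b64decode(m.group(2), validate=True))
    except binascii.Error:
        return None

def match_log_entry(log_line: str, key_lines):
    """Return (user, source, matching key lines), or None if not a pubkey login."""
    m = LOG_RE.search(log_line)
    if not m:
        return None
    user, source, _key_type, fp = m.groups()
    hits = [k for k in key_lines if fingerprint_line(k) == fp]
    return user, source, hits

# Constructed sample data: the blobs are placeholder bytes, not real keys.
# The fingerprint only hashes the decoded bytes, so the steps are identical.
KEY_A = "ssh-rsa " + base64.b64encode(b"constructed-key-A").decode() + " alice@laptop"
KEY_B = ('command="/bin/true" ssh-ed25519 '
         + base64.b64encode(b"constructed-key-B").decode() + " backup")
SAMPLE_LOG = ("Jan  1 00:00:00 host sshd[1234]: Accepted publickey for alice "
              "from 192.0.2.10 port 51234 ssh2: RSA " + fingerprint_line(KEY_A))

if __name__ == "__main__":
    print(match_log_entry(SAMPLE_LOG, [KEY_B, KEY_A]))
```

An empty hit list for an accepted login means the key is not in the file you checked, for example because it lives in another user's `authorized_keys` or was removed after the session.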

Solution 2:

Had the same question on macOS 10.13.6, where your answer just needed a couple of tweaks:

cat .ssh/id_rsa.pub    |
    awk '{ print $2 }' | # Only the actual key data without prefix or comments
    base64 -D          | # decode as base64
    shasum -a 256      | # SHA256 hash (returns hex)
    awk '{ print $1 }' | # only the hex data
    xxd -r -p          | # hex to bytes
    base64               # encode as base64

Thanks v. much.
