Tuesday, April 26, 2016

Calculate the Fingerprint from an RSA Public Key

Updated July 5th, 2017.
SSH is a great protocol that encrypts traffic between the client and the server (among many other things that it does). But it doesn't provide authentication. That can leave you open to a Man in the Middle (MiTM) attack. You have probably started an SSH session to a switch, router or server and seen this dialog (or a similar one depending you the OS you are using):

The message reinforces the fact that SSH doesn't provide authentication. So what to do? 

In a previous blog Discovering SSH host keys with NMAP I showed you how to use NMAP to pull the fingerprint or full SSH key from a Cisco device. The problem here is that you still can't be sure that the device you scanned is actually the device you want to connect to.  

With newer Cisco IOS versions you can easily display the full RSA key of the device. If you are connected with a console cable there is no doubt that you are connected to the correct device. So you can record the key right after you generate it during the initial setup with a console cable.

Once you have the full key it's easy to get the fingerprint using OpenSSH on Linux/MAC. For windows users Didier Stevens over at the SANS InfoSec forums wrote a Python script you can use. His post can be found at SSH Fingerprints Are Important.

Here is the output on the switch
3750x#sh ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDQbH8FnvSpDpEsL3OzzWal1DCFBQmiImg4WWhSwlCu9mdHb53YigPEXJOlsVdX9KTKIACvwyHu5+yRQXa6+7Ahp7f98c1ac8wRW4Q8EP35kI00l+40LoC5G8eMiZ5Pz8o8UyAD/zmY1vWJzxs8k4mtdvgI4Pf5C3mmJ8r2nu0Zjw==

Some things to note here 
SSH Enabled - Version 2.0. It is critical that you don't allow your devices to use ANY version of SSH except 2.0. You do this by issuing "IP SSH Version 2" from global config mode. If you see version 1.99 then your device will accept SSH 1.0 connections and any version before 2.0 is broken.

The device will accept 3des-cbc encryption. 3des is an outdated encryption algorithm.  
Finally, the Hash Message Authentication Code (HMAC) is SHA1 which has been deprecated for SSL since the end of 2015.

Continuing on:
Copy everything from ssh-rsa to ==.

From a terminal:
Create an empty file to paste the key into. I used nano to create a file in the .ssh folder in my home directory. I called the file ios.pub. Obviously a more descriptive name would be used in production.
nano ~/.ssh/ios.pub 

Paste the key into the file. MAKE sure that the key is a continuos string. You will probably have to remove a couple line feeds after you paste the key in. Save the file.

ssh-keygen uses arguments to select the action to perform. To calculate the fingerprint we will use the following argurments:
-f filename - Filename of the key file.
-l - Show fingerprint of key file. (lowercase L)

Run this command:
ssh-keygen -lf ~/.ssh/ios.pub
1024 73:e9:e6:e3:f6:52:22:05:fc:d7:5d:d8:d7:ef:12:4d /home/mhubbard/.ssh/ios.pub (RSA)

You can see that the fingerprint matches the one in the dialog so I know for sure that I am connecting to the correct device and no MiTM is present.

This will work for any rsa .pub file. For example, you can run ssh-keygen -lf /etc/ssh/ssh_host_rsa_key >> $HOME/keys.txt on your Linux/Mac rig and keys.txt will contain the fingerprints for your rig.

cat keys.txt
1024 c1:c8:63:45:ce:56:66:c3:1e:7c:58:d9:c2:8f:28:1e  root@1S1K-DO (DSA)
256 1d:24:82:44:4f:56:40:4e:53:44:92:7a:1b:e5:43:e0  root@1S1K-DO (ECDSA)
2048 2c:84:a5:cd:81:eb:71:0d:42:10:68:c0:fe:28:3c:d4  root@1S1K-DO (RSA)

Didier Stevens from SANS wrote a cool Python 2 script for calculating the fingerprint from the key - Calculating a SSH Fingerprint From a (Cisco) Public Key | Didier Stevens. His blog explains the various parts of the key, worth reading for sure.

SSH Mastery: OpenSSH, PuTTY, Tunnels and Keys (ebook) - An excellent reference on SSH.
What is a SSH key fingerprint and how is it generated?