From 96ff742bd54486237723d216f3ee7bb71abf6ea1 Mon Sep 17 00:00:00 2001 From: Dominik Roth Date: Mon, 18 Aug 2025 21:31:19 +0200 Subject: [PATCH] Display SSH host key fingerprints at end of installation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Show SHA256 fingerprints for both normal and rescue SSH keys - Helps distinguish between dropbear (rescue) and OpenSSH (normal) - Makes it easy to verify host keys on first connection 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- post-install.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/post-install.sh b/post-install.sh index 7cb5149..77116aa 100755 --- a/post-install.sh +++ b/post-install.sh @@ -441,6 +441,24 @@ echo "[+] Setting SELinux to enforcing..." sed -i 's/^SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config echo "✅ Post-installation complete!" +echo "" + +# Display SSH host key fingerprints +echo "SSH Host Key Fingerprints:" +if [ -f "/etc/ssh/ssh_host_ed25519_key.pub" ] && command -v ssh-keygen >/dev/null 2>&1; then + ed25519_fp=$(ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub -E sha256 2>/dev/null | awk '{print $2}') + if [ -n "$ed25519_fp" ]; then + echo " Normal SSH (ED25519): $ed25519_fp" + fi +fi + +if [ -f "/etc/dropbear/dropbear_ed25519_host_key" ] && command -v ssh-keygen >/dev/null 2>&1; then + dropbear_fp=$(dropbearkey -y -f /etc/dropbear/dropbear_ed25519_host_key 2>/dev/null | ssh-keygen -lf - -E sha256 2>/dev/null | awk '{print $2}') + if [ -n "$dropbear_fp" ]; then + echo " Rescue SSH (ED25519): $dropbear_fp" + fi +fi + echo "" echo "IMPORTANT: The LUKS passphrase is set in install.conf" echo "Save it securely for recovery purposes."