Add SHA256 fingerprint display for ED25519 host key

- Show SHA256 fingerprint for ed25519 key (modern standard) - Keep SHA1 output from dropbearkey for other keys - Clean up key generation output 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-18 20:55:40 +02:00 · 2025-08-18 20:55:40 +02:00 · aa9bac2c5b
commit aa9bac2c5b
parent 555987af40
1 changed files with 17 additions and 2 deletions
--- a/post-install.sh
+++ b/post-install.sh
@ -289,10 +289,25 @@ mkdir -p /etc/dropbear
 echo "${SSH_KEY}" > /etc/dropbear/authorized_keys
 chmod 600 /etc/dropbear/authorized_keys

-# Generate host keys
+# Generate host keys and display SHA256 fingerprints
+echo "[+] Generating SSH host keys..."
 for keytype in rsa ecdsa ed25519; do
    keyfile="/etc/dropbear/dropbear_${keytype}_host_key"
-    [ ! -f "$keyfile" ] && dropbearkey -t $keytype -f "$keyfile"
+    if [ ! -f "$keyfile" ]; then
+        echo "  - Generating $keytype key..."
+        dropbearkey -t $keytype -f "$keyfile" | grep -v "Generating" || true
+        
+        # Extract and display SHA256 fingerprint for ed25519
+        if [ "$keytype" = "ed25519" ] && command -v ssh-keygen >/dev/null 2>&1; then
+            # Convert dropbear key to OpenSSH format and get SHA256 fingerprint
+            dropbearkey -y -f "$keyfile" | grep "^ssh-" > "/tmp/dropbear_${keytype}.pub"
+            fingerprint=$(ssh-keygen -lf "/tmp/dropbear_${keytype}.pub" -E sha256 2>/dev/null | awk '{print $2}')
+            if [ -n "$fingerprint" ]; then
+                echo "  - ED25519 SHA256 fingerprint: $fingerprint"
+            fi
+            rm -f "/tmp/dropbear_${keytype}.pub"
+        fi
+    fi
 done

 # Configure dracut