diff --git a/post-install.sh b/post-install.sh index 2856e24..218de27 100755 --- a/post-install.sh +++ b/post-install.sh @@ -289,10 +289,25 @@ mkdir -p /etc/dropbear echo "${SSH_KEY}" > /etc/dropbear/authorized_keys chmod 600 /etc/dropbear/authorized_keys -# Generate host keys +# Generate host keys and display SHA256 fingerprints +echo "[+] Generating SSH host keys..." for keytype in rsa ecdsa ed25519; do keyfile="/etc/dropbear/dropbear_${keytype}_host_key" - [ ! -f "$keyfile" ] && dropbearkey -t $keytype -f "$keyfile" + if [ ! -f "$keyfile" ]; then + echo " - Generating $keytype key..." + dropbearkey -t $keytype -f "$keyfile" | grep -v "Generating" || true + + # Extract and display SHA256 fingerprint for ed25519 + if [ "$keytype" = "ed25519" ] && command -v ssh-keygen >/dev/null 2>&1; then + # Convert dropbear key to OpenSSH format and get SHA256 fingerprint + dropbearkey -y -f "$keyfile" | grep "^ssh-" > "/tmp/dropbear_${keytype}.pub" + fingerprint=$(ssh-keygen -lf "/tmp/dropbear_${keytype}.pub" -E sha256 2>/dev/null | awk '{print $2}') + if [ -n "$fingerprint" ]; then + echo " - ED25519 SHA256 fingerprint: $fingerprint" + fi + rm -f "/tmp/dropbear_${keytype}.pub" + fi + fi done # Configure dracut