Add SHA256 fingerprint display for ED25519 host key

- Show SHA256 fingerprint for ed25519 key (modern standard)
- Keep SHA1 output from dropbearkey for other keys
- Clean up key generation output

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

post-install.sh

@@ -289,10 +289,25 @@ mkdir -p /etc/dropbear
 echo "${SSH_KEY}" > /etc/dropbear/authorized_keys
 chmod 600 /etc/dropbear/authorized_keys
 
-# Generate host keys
+# Generate host keys and display SHA256 fingerprints
+echo "[+] Generating SSH host keys..."
 for keytype in rsa ecdsa ed25519; do
     keyfile="/etc/dropbear/dropbear_${keytype}_host_key"
-    [ ! -f "$keyfile" ] && dropbearkey -t $keytype -f "$keyfile"
+    if [ ! -f "$keyfile" ]; then
+        echo "  - Generating $keytype key..."
+        dropbearkey -t $keytype -f "$keyfile" | grep -v "Generating" || true
+        
+        # Extract and display SHA256 fingerprint for ed25519
+        if [ "$keytype" = "ed25519" ] && command -v ssh-keygen >/dev/null 2>&1; then
+            # Convert dropbear key to OpenSSH format and get SHA256 fingerprint
+            dropbearkey -y -f "$keyfile" | grep "^ssh-" > "/tmp/dropbear_${keytype}.pub"
+            fingerprint=$(ssh-keygen -lf "/tmp/dropbear_${keytype}.pub" -E sha256 2>/dev/null | awk '{print $2}')
+            if [ -n "$fingerprint" ]; then
+                echo "  - ED25519 SHA256 fingerprint: $fingerprint"
+            fi
+            rm -f "/tmp/dropbear_${keytype}.pub"
+        fi
+    fi
 done
 
 # Configure dracut