From b49fcb33587a238191882fe8b0836a707f7204f0 Mon Sep 17 00:00:00 2001 From: Dominik Roth Date: Mon, 18 Aug 2025 21:33:12 +0200 Subject: [PATCH] Improve SSH fingerprint display logic MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Compare fingerprints and show if they're the same - Clear indication when keys are shared vs different - Better user experience for host key verification 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- post-install.sh | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/post-install.sh b/post-install.sh index 77116aa..9c7b1cc 100755 --- a/post-install.sh +++ b/post-install.sh @@ -445,18 +445,28 @@ echo "" # Display SSH host key fingerprints echo "SSH Host Key Fingerprints:" +ed25519_fp="" +dropbear_fp="" + if [ -f "/etc/ssh/ssh_host_ed25519_key.pub" ] && command -v ssh-keygen >/dev/null 2>&1; then ed25519_fp=$(ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub -E sha256 2>/dev/null | awk '{print $2}') - if [ -n "$ed25519_fp" ]; then - echo " Normal SSH (ED25519): $ed25519_fp" - fi fi if [ -f "/etc/dropbear/dropbear_ed25519_host_key" ] && command -v ssh-keygen >/dev/null 2>&1; then dropbear_fp=$(dropbearkey -y -f /etc/dropbear/dropbear_ed25519_host_key 2>/dev/null | ssh-keygen -lf - -E sha256 2>/dev/null | awk '{print $2}') - if [ -n "$dropbear_fp" ]; then - echo " Rescue SSH (ED25519): $dropbear_fp" - fi +fi + +if [ -n "$ed25519_fp" ] && [ -n "$dropbear_fp" ] && [ "$ed25519_fp" = "$dropbear_fp" ]; then + echo " SSH (ED25519): $ed25519_fp (same for both rescue and normal)" +elif [ -n "$ed25519_fp" ] && [ -n "$dropbear_fp" ]; then + echo " Normal SSH (ED25519): $ed25519_fp" + echo " Rescue SSH (ED25519): $dropbear_fp" +elif [ -n "$ed25519_fp" ]; then + echo " Normal SSH (ED25519): $ed25519_fp" +elif [ -n "$dropbear_fp" ]; then + echo " Rescue SSH (ED25519): $dropbear_fp" +else + echo " No ED25519 keys found" fi echo ""