find ssh2 key fingerprint

Question

How do I find the ssh fingerprint of a ssh2 key ? With a ssh-1 key I can do ssh-keygen -lf /path/to/keyfile. However when I convert the same key to a ssh2 key using ssh-keygen -e -f keyfile.pub > keyfile_ssh2 I can no longer the fingerprint using the 1st command :

~# ssh-keygen -lf /path/to/ssh2key
ssh2key is not a public key file.

You need to point it at a valid public key file, as it suggests. — Michael Hampton, May 03 '18 at 19:34
Its the file generated when I convert a valid public key to ssh2 format. Ive used the ssh2 key to connect to the server via sftp so I know its valid. — letsc, May 03 '18 at 19:52
What do you mean by "ssh-1 key" and "convert the same key to a ssh2 key"? — Michael Hampton, May 03 '18 at 20:07
my public key in `ssh-rsa AA..` format. I convert that to ssh2 format (https://burnz.wordpress.com/2007/12/14/ssh-convert-openssh-to-ssh2-and-vise-versa/) — letsc, May 03 '18 at 20:09
That is not an "ssh2" public key. It's a format that only some commercial SSH products understand. An ssh2 key used by OpenSSH begins with `ssh-rsa AAAA.....` I don't see why you converted it at all. — Michael Hampton, May 03 '18 at 20:11

score 1 · Answer 1 · edited Oct 07 '21 at 07:59

From the ssh-keygen man page:

-m key_format

   Specify a key format for the -i (import) or -e (export) conversion
   options. The supported key formats are: “RFC4716” (RFC 4716/SSH2
   public or private key), “PKCS8” (PEM PKCS8 public key) or “PEM” 
   (PEM public key). The default conversion format is “RFC4716”.

RFC4716 is just informational and OpenSSH is not required to implement it, although some commercial SSH implementations do adopt the formats defined in it.

In other words, OpenSSH has its own format and is not concerned with working with other formats, except when it's asked to export its own data to be used with other tools.

find ssh2 key fingerprint

1 Answers1