ed25519 fingerprint mismatch because of extra padding from AWS `=`

Hello. I'm encountering an interesting scenario where the generated fingerprint for my imported/created ed25519 SSH key is different from the one reported by ssh-keygen.

For example:

ssh-keygen:

64OuseEfObM7yYiEyK7u42qN1kHj6/JGnpro1XqO4pM

And AWS generated the fingerprint:

64OuseEfObM7yYiEyK7u42qN1kHj6/JGnpro1XqO4pM=

So, there is extra padding for some reason. Does anyone know why that is so?

Cheers, Gergely.

주제

컴퓨팅

태그

아마존 EC2

언어

English

Gergely

질문됨 2년 전323회 조회

2개 답변

최신
최다 투표
가장 많은 댓글

I got it.

From other posts here as well, but the answer is that they are using a base64 sha256 openssl combo like this:

$ cat ~/.ssh/ec2-key.pub | base64 -w0 -d | openssl dgst -binary -sha256 | base64 -w0; echo

Where the pub key was generated from the downloaded ec2 pem key like this:

ssh-keygen -y -f ~/.ssh/ec2-key.pem > ~/.ssh/ec2-key.pub

Gergely

답변함 2년 전

As per this page the equal sign at the end is padding to ensure correct Base64 encoding.

전문가

Brettski-AWS

답변함 2년 전

Gergely
2년 전
Yeah, I know WHAT the equal sign is. :) The question is, why it's there when local workflow doesn't produce it. But I figured it out in the end.

ed25519 fingerprint mismatch because of extra padding from AWS `=`

관련 콘텐츠