NSE Idea: Script to show SSHD host fingerprints

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi folks,

With the recent Debian OpenSSL/SSH PRNG seeding flaw affecting a bunch
of Debian derived boxes, we have a need to enumerate SSH host key
fingerprints.  I'm looking at tools or ways to scripting this for our
campus but I'm sure there are thousands of other people in the same
situation we're in.

It occurs to me that NSE is probably a good tool for the job.  If we
had a script to print SSH fingerprints (preferably SSH v1 and v2) it
would really be valuable to many people.

I haven't looked extensively into this and I don't know how hard it
would be in NSE without any crypto/math libraries but if someone here
does have the time to put into researching and possibly writing the
script it would be much appreciated.

OpenSSH comes with ssh-keyscan which means I'll be able to hack
something together.  Having the fingerprint functionality built into a
NSE script would be really awesome though.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkgsnLwACgkQqaGPzAsl94LQ/wCeLtmJe6OGO+hLfYc+g3a/qOXg
vPYAn0O7zkqx7+d19HeLVpKk2oOVemhY
=ZsYw
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org