Category Archives: ssh

difference between the ssh-keygen keypair fingerprint and Amazon EC2 fingerprint

we’re have an RSA ssh keypair, and can check it fingerprint

$ ssh-keygen -l -f ~/.ssh/id_rsa.pub
2048 f5:26:50:e6:f6:92:b6:7b:87:4d:64:6c:90:6d:1a:a0  mmalchuk@mmalchuk (RSA)
$ ssh-keygen -l -f ~/.ssh/id_rsa
2048 f5:26:50:e6:f6:92:b6:7b:87:4d:64:6c:90:6d:1a:a0  mmalchuk@mmalchuk (RSA)

now upload this public key into Amazon EC2 cloud:

$ ec2-import-keypair mykeypair --public-key-file ~/.ssh/id_rsa.pub
KEYPAIR	mykeypair	26:f4:9f:a3:f6:0e:4e:31:6c:25:06:9c:eb:4d:cf:ae

ok, key uploaded, but with different fingerprint? no!
ssh-keygen use SHA1 algorithm, but Amazon EC2 uses MD5 instead ;)
let’s check different way:

$ openssl pkey -in ~/.ssh/id_rsa -pubout -outform DER | openssl md5 -c
(stdin)= 26:f4:9f:a3:f6:0e:4e:31:6c:25:06:9c:eb:4d:cf:ae

ok, fine, this is our key uploaded ;)