ed25519 fingerprint mismatch because of extra padding from AWS `=`

1

Hello. I'm encountering an interesting scenario where the generated fingerprint for my imported/created ed25519 SSH key is different from the one reported by ssh-keygen.

For example:

ssh-keygen:

64OuseEfObM7yYiEyK7u42qN1kHj6/JGnpro1XqO4pM

And AWS generated the fingerprint:

64OuseEfObM7yYiEyK7u42qN1kHj6/JGnpro1XqO4pM=

So, there is extra padding for some reason. Does anyone know why that is so?

Cheers, Gergely.

Gergely
asked 2 years ago, 392 views
2 Answers
1

I got it.

From other posts here as well, but the answer is that they are using a base64 sha256 openssl combo like this:

$ cut -d' ' -f2 ~/.ssh/ec2-key.pub | base64 -w0 -d | openssl dgst -binary -sha256 | base64 -w0; echo

Where the pub key was generated from the downloaded ec2 pem key like this:

ssh-keygen -y -f ~/.ssh/ec2-key.pem > ~/.ssh/ec2-key.pub
Gergely
answered 2 years ago
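
The comparison described in the answer above, as an added Python example that is not part of the original post: it hashes the decoded key blob from a public key line and returns both the unpadded form (as `ssh-keygen` shows it) and the `=`-padded form (as in the AWS output quoted in the question), plus a padding-insensitive compare. The function names and the sample key line are constructed for illustration; the sample is not a real key.

```python
import base64
import hashlib
import struct


def parse_pubkey_blob(pub_line: str) -> bytes:
    """Decode the key blob from a '<type> <base64-blob> [comment]' line."""
    fields = pub_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    # The blob begins with a length-prefixed copy of the key type string.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type field does not match the blob")
    return blob


def fingerprints(pub_line: str) -> dict:
    """SHA-256 over the decoded blob, in both Base64 spellings."""
    digest = hashlib.sha256(parse_pubkey_blob(pub_line)).digest()
    padded = base64.b64encode(digest).decode("ascii")
    # 32 digest bytes encode to 43 characters plus one '=' pad character.
    return {"openssh": padded.rstrip("="), "aws": padded}


def same_fingerprint(a: str, b: str) -> bool:
    """Compare fingerprints, ignoring a 'SHA256:' prefix and '=' padding."""
    def norm(fp: str) -> str:
        fp = fp.strip()
        if fp.startswith("SHA256:"):  # prefix printed by `ssh-keygen -l`
            fp = fp[len("SHA256:"):]
        return fp.rstrip("=")
    return norm(a) == norm(b)


def constructed_pub_line() -> str:
    """Constructed sample line: correct layout, placeholder key bytes."""
    kt = b"ssh-ed25519"
    blob = (struct.pack(">I", len(kt)) + kt
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " sample@example"


if __name__ == "__main__":
    fp = fingerprints(constructed_pub_line())
    print(fp["openssh"], fp["aws"], same_fingerprint(fp["openssh"], fp["aws"]))
```
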
0

As per this page the equal sign at the end is padding to ensure correct Base64 encoding.

AWS
EXPERT
answered 2 years ago
  • Yeah, I know WHAT the equal sign is. :) The question is, why it's there when local workflow doesn't produce it. But I figured it out in the end.
