mlgupta/sshfp

SSHFP Tester

SSHFP is an SSHFP record tester. It lists the SSHFP records published in DNS for a host, the SSH key fingerprints the server presents, and the fingerprints that match between the published DNS SSHFP records and those returned by the SSH server. SSHFP records are obtained by performing a DNS lookup against the domain's authoritative name servers, so changes to SSHFP records should show up instantly. The tool extracts SSH key fingerprints by running ssh-keyscan against the server and port. You should use DNSSEC when publishing SSHFP records, and you should only perform this test against a server you own. You can see the demo here.
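The comparison described above, as an added example that is not this project's code: it hashes the key blobs from ssh-keyscan output and intersects them with SSHFP records in presentation format. The host name `host.example.test`, the key bytes and both records are constructed sample data; algorithm and fingerprint-type numbers follow RFC 4255, RFC 6594 and RFC 7479.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (ECDSA = 3 is handled by prefix below)
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}  # SSHFP fingerprint types

def keyscan_fingerprints(keyscan_output):
    """Turn ssh-keyscan lines ("host keytype base64") into (alg, fptype, hex) tuples."""
    fps = set()
    for line in keyscan_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank line or ssh-keyscan banner comment
        alg = 3 if fields[1].startswith("ecdsa-sha2-") else KEY_ALGS.get(fields[1])
        if alg is None:
            continue  # key type with no SSHFP algorithm number in this table
        blob = base64.b64decode(fields[2])  # the fingerprint is a hash of this blob
        fps.update((alg, t, h(blob).hexdigest()) for t, h in FP_TYPES.items())
    return fps

def parse_sshfp(zone_text):
    """Parse records of the form "name [ttl] IN SSHFP alg fptype hex...". """
    records = set()
    for line in zone_text.splitlines():
        fields = line.split()
        if "SSHFP" not in fields:
            continue
        i = fields.index("SSHFP")
        records.add((int(fields[i + 1]), int(fields[i + 2]), "".join(fields[i + 3:]).lower()))
    return records

def sample_data():
    """Constructed sample: one Ed25519 host key, one matching and one stale record."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    keyscan = "host.example.test ssh-ed25519 " + base64.b64encode(blob).decode()
    good = hashlib.sha256(blob).hexdigest().upper()
    zone = (f"host.example.test. 300 IN SSHFP 4 2 {good}\n"
            f"host.example.test. 300 IN SSHFP 4 1 {'0' * 40}\n")
    return keyscan, zone

if __name__ == "__main__":
    keyscan, zone = sample_data()
    served, published = keyscan_fingerprints(keyscan), parse_sshfp(zone)
    print("matching:", sorted(served & published))
    print("published but not served:", sorted(published - served))
```

A record that is published but not served, like the all-zero SHA-1 entry in the sample, is the case to look for after a host key rotation.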

Installation/Build

Follow these steps to build the Docker image from source:

  1. Clone this git repository
$ git clone https://github.com/dbsentry/sshfp.git
  2. By default the Makefile creates the image as dbsentry/sshfp. To change this, modify the Makefile
  3. Change .release to reflect the correct tag on the Docker image
  4. Run the build
$ make build

When run, the generated image starts a Docker container with all the services.

Run

You can use either docker or podman to run this container. The webserver's default port is 8080. Because the process runs as a non-root user, the port specified using env should be greater than 1024. If a port less than 1024 is specified, the port defaults to 8080.

$ docker run -p 8080:8080 -it dbsentry/sshfp
$ podman run -p 8080:8080 -it dbsentry/sshfp

By default the webserver uses port 8080 in the container. To use a different port:

$ docker run -p 8080:9080 --env PORT=9080 -it dbsentry/sshfp
$ podman run -p 8080:9080 --env PORT=9080 -it dbsentry/sshfp

License

All assets and code are under the GNU GPL LICENSE and in the public domain unless specified otherwise.

Some files were sourced from other open source projects and are under their terms and license.