Skip to content

ssh: Show server fingerprints in SSH page

Before a user connects to FreedomBox via SSH, they need to verify that the server they are connecting to is the correct one. Otherwise, it is possible to perform person-in-the-middle attacks. In order to verify that the SSH server, user must match the SSH fingerprint shown by the client with the one provided by a server administrator. In case of FreedomBox, we need to show this information in the SSH server page.

  • Write a method to list the fingerprints for all the SSH keys on the server. Iterate through /etc/ssh/ssh_host_*_key.pub and run the command ssh-keygen -l -f <file>. Parse the output and extract the fingerprint and algorithm.
  • Add a table to the SSHAppView and show the fingerprint information in a tabular format. Create views.py for SSH, move the SSHAppView into it. Then pass the fingerprint information as context variable. Create a new template file for SSH and display the fingerprint information there.