Don’t Be Fooled! AWS and Openstack Show Different Fingerprints of Imported Public Key

Don’t be fooled! AWS and Openstack are fingerprinting an imported keypair differently.

AWS uses the equivalent of:

openssl rsa -in id_rsa -pubout -outform DER | openssl md5 -c

while Openstack uses ssh-keygen:

ssh-keygen -q -l -f id_rsa

They could end up showing different values for the fingerprint of exactly the same public key.

References:

[1] AWS: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#verify-key-pair-fingerprints

[2] Openstack: https://github.com/openstack/nova/blob/master/nova/crypto.py#L133


Contents on this site are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Creative Commons License