2

While I normally use OpenSSH, I have Dropbear installed on a Debian system to provide a small SSH server for unlocking disk encryption during the initramfs boot phase.

Dropbear and OpenSSH use different key file formats. I also don’t want them to share the key pair, and I don’t want to convert Dropbear’s key pair to OpenSSH.

How can I just display Dropbear’s public key in the OpenSSH format and/or its fingerprint?

2 Answers

3

Dropbear uses a binary format for storing the key and has no second file for storing the public key, especially not in a human-readable form.

The program dropbearkey is responsible for key generation but will also display the public key for the binary key file. The -y switch is important for reading the file, not writing it!

$ sudo dropbearkey -y -f /etc/dropbear/dropbear_ecdsa_host_key
Public key portion is:
ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFygHJYm8rXlIrktbgGEcrfkipydP7ZM+mkWwot7lhnrYYuKvwMNE99YyvrKYT8fXnVaemSgOsigJDGAgdfCyJNjgDdNE4AU4RQRY4IN4PinnlMsw2Lv1BY1q+F2IcBBoSb/2OVTc2c5/LRQ7/rbPcqBpU8V3v67CTTULYY7yH1BTfnXQ== root@hostname
Fingerprint: md5 7d:c5:7e:43:a2:07:c3:93:a7:fe:5c:76:60:2e:a0:4c

0

I have always used this to display the public key:

dropbearkey -y -f /etc/dropbear/dropbear_ecdsa_host_key|sed -n 2p

It lists only the public key portion without all the other nonsense. I use the following to generate a public key file.

dbk=/etc/dropbear/dropbear_ecdsa_host_key;dropbearkey -y -f $dbk|sed -n 2p>${dbk}.pub;chmod 600 ${dbk}.pub

It also works with Dropbear RSA keys.

5p0ng3b0b
  • 131
  • 4
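
Added example, not part of either answer: the output shown above carries an MD5 fingerprint, while current OpenSSH clients display SHA256 fingerprints by default. This Python example takes `dropbearkey -y` output, checks that the key type embedded in the base64 blob matches the declared type, and derives both fingerprints in the text forms OpenSSH prints. The function names and the ed25519 sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def ssh_string(data):
    """Encode bytes as an SSH wire-format string: uint32 length + data."""
    return struct.pack(">I", len(data)) + data

def parse_pubkey_line(line):
    """Split '<type> <base64> [comment]' and verify the blob's embedded type."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + n].decode("ascii", "replace")
    if embedded != key_type:
        raise ValueError(f"declared {key_type!r}, blob says {embedded!r}")
    return key_type, blob

def fingerprints(blob):
    """Return (md5, sha256) in the text forms OpenSSH prints."""
    h = hashlib.md5(blob).hexdigest()
    # dropbearkey prints the same colon-separated hex after "md5 ".
    md5 = "MD5:" + ":".join(h[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def from_dropbearkey_output(text):
    """Locate the key line in `dropbearkey -y` output and fingerprint it."""
    for line in text.splitlines():
        if line.startswith(("ssh-", "ecdsa-")):
            key_type, blob = parse_pubkey_line(line)
            return (key_type, *fingerprints(blob))
    raise ValueError("no public key line found")

# Constructed sample: not a real host key, built here so the example runs offline.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_OUTPUT = (
    "Public key portion is:\n"
    "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " root@hostname\n"
    "Fingerprint: md5 <omitted in this constructed sample>\n"
)

if __name__ == "__main__":
    for item in from_dropbearkey_output(SAMPLE_OUTPUT):
        print(item)
```

Compare the `SHA256:` value with what the OpenSSH client prints when it first connects to the initramfs Dropbear instance.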