
How to determine SSH fingerprint of Droplet instance

Open adrianlshaw opened this issue 4 years ago • 2 comments

During Droplet creation, the API seems to have a way of specifying the SSH identities that are authorized to access the droplet instance. This allows the droplet instance to authenticate clients.

However, I cannot find a way to get the public key fingerprint of the SSH server running on the Droplet instance. In other words, how are clients able to authenticate the instance?

adrianlshaw, Feb 06 '21 20:02

The DigitalOcean API does not currently support this. If this is something you require, there are some workarounds. I'd suggest looking into using cloud-init to either post the host key to a webhook or to provide your own host key.

https://www.digitalocean.com/community/questions/how-do-i-validate-the-ecdsa-key-fingerprint-of-my-newly-created-droplet?answer=41769

andrewsomething, Feb 08 '21 15:02
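The second workaround mentioned above (providing your own host key through cloud-init), sketched as an added example that is not part of the original thread or of godo. It assumes OpenSSH's `ssh-keygen` on the client and an image whose cloud-init honours the `ssh_keys` setting; the `generate` and `pin` subcommands and the file names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-provision the Droplet's SSH host key via cloud-init user
# data, so the client knows the key before its first connection.
set -eu

# Emit cloud-config that installs an ed25519 host key pair.
# $1 = private key file, $2 = public key file (paths chosen by the caller).
make_user_data() {
    printf '#cloud-config\n'
    printf 'ssh_deletekeys: true\n'   # remove host keys shipped in the image
    printf 'ssh_keys:\n'
    printf '  ed25519_private: |\n'
    sed 's/^/    /' "$1"              # indent the PEM block under the YAML key
    # Keep only "type base64"; the key comment is not needed on the server.
    printf '  ed25519_public: %s\n' "$(awk '{print $1, $2; exit}' "$2")"
}

# Build a known_hosts entry binding a host to the pre-generated key.
# $1 = Droplet IP or hostname, $2 = public key file.
known_hosts_line() {
    printf '%s %s\n' "$1" "$(awk '{print $1, $2; exit}' "$2")"
}

case "${1:-}" in
generate)   # $2 = output directory for the key pair and user data
    umask 077
    mkdir -p "$2"
    ssh-keygen -q -t ed25519 -N '' -C '' -f "$2/host_key"
    make_user_data "$2/host_key" "$2/host_key.pub" > "$2/user-data.yml"
    # Fingerprint the server should present on first login.
    ssh-keygen -lf "$2/host_key.pub"
    ;;
pin)        # $2 = Droplet IP, $3 = public key file
    known_hosts_line "$2" "$3" >> "$HOME/.ssh/known_hosts"
    ;;
esac
```

Supply the generated `user-data.yml` as the Droplet's user data at creation, then run `pin` with the assigned IP before connecting. The user data contains the private host key, so treat it as a secret and delete the local copy once the Droplet exists.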

Thanks a lot for the pointer. I was completely unaware of the cloud-init approach. It would be nice if the API provided an abstraction to help with this, but I understand that it might go beyond the scope of what this library provides. In the meantime, I'll try the workaround.

adrianlshaw, Feb 13 '21 13:02