
Extra `=` padding in ed25519 fingerprint in AWS EC2 key


I'm encountering an interesting scenario where the generated fingerprint for my imported/created ed25519 SSH key is different from the one reported by ssh-keygen in the AWS EC2 Key console.

For example, consider a random key I generated for which the ssh-keygen fingerprint is:

64OuseEfObM7yYiEyK7u42qN1kHj6/JGnpro1XqO4pM

And AWS generated the fingerprint as such:

64OuseEfObM7yYiEyK7u42qN1kHj6/JGnpro1XqO4pM=

So, there is extra padding for some reason. Does anyone know why that is so? Alternatively, does anyone know how AWS generates these fingerprints, and whether it's fine to just trim that last `=` away? I mean, padding is mostly optional, but I would like to generate the same fingerprint so I can compare them.

Also, note that this is only for ed25519 keys. Normal RSA works fine. I know they do some wonky stuff converting it to OpenSSL then back or something like that. But that's not the case for ed25519 I think...

Cheers!


Solution

  • I got it.

    From other posts here as well: the answer is that they are using a base64 / sha256 / openssl combo like this:

    # field 2 of the .pub line is the base64 key blob; the "ssh-ed25519" type word
    # and the comment are not base64 and would make `base64 -d` fail
    $ awk '{print $2}' ~/.ssh/ec2-key.pub | base64 -d | openssl dgst -binary -sha256 | base64 -w0; echo
    

    Where the pub key was generated from the downloaded ec2 pem key like this:

    ssh-keygen -y -f ~/.ssh/ec2-key.pem > ~/.ssh/ec2-key.pub
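The two fingerprint formats side by side, as an added example that is not part of the original question or answer: the OpenSSH blob is decoded from a `.pub` line, hashed with SHA-256, and rendered both the way `ssh-keygen` prints it (no `=` padding) and the way the EC2 console shows it (padding kept), plus a comparison that ignores the difference. The sample key line is constructed from 32 arbitrary bytes and is not a real key.

```python
import base64
import hashlib
import struct


def _ssh_string(data):
    """Encode bytes as an SSH wire-format string (uint32 length + payload)."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(blob, off):
    """Read one SSH wire-format string from `blob` at offset `off`."""
    (n,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + n], off + 4 + n


def public_key_blob(line):
    """Decode the base64 blob from an OpenSSH public key line and check that
    the key type stored inside the blob matches the type word in front of it."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    inner_type, _ = _read_ssh_string(blob, 0)
    if inner_type.decode() != key_type:
        raise ValueError("key type mismatch: %s vs %r" % (key_type, inner_type))
    return blob


def openssh_fingerprint(line):
    """ssh-keygen -lf style: 'SHA256:' + base64 of the digest, '=' padding removed."""
    digest = hashlib.sha256(public_key_blob(line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def aws_fingerprint(line):
    """Same SHA-256 over the same blob, but base64 left padded (what the EC2 console shows)."""
    digest = hashlib.sha256(public_key_blob(line)).digest()
    return base64.b64encode(digest).decode()


def fingerprints_match(a, b):
    """Compare two fingerprints regardless of the 'SHA256:' prefix or '=' padding."""
    def norm(s):
        s = s[len("SHA256:"):] if s.startswith("SHA256:") else s
        return s.rstrip("=")
    return norm(a) == norm(b)


# Constructed sample (NOT a real key): 32 arbitrary bytes wrapped in the
# wire format that `ssh-keygen -y` prints for an ed25519 public key.
SAMPLE_PUB_LINE = "ssh-ed25519 " + base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))).decode() + " example@host"

if __name__ == "__main__":
    print("ssh-keygen style:", openssh_fingerprint(SAMPLE_PUB_LINE))
    print("EC2 console style:", aws_fingerprint(SAMPLE_PUB_LINE))
```

A SHA-256 digest is 32 bytes, so its base64 form always carries exactly one `=`; stripping that single character is all that separates the two renderings.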