SSH key *.pem get fingerprint?

Question

I want to have a fingerprint of my SSH key file which is a private key (PEM file).

I tried following this and that advice:

key=$(ssh-keygen -yf lony.pem) | echo $key | ssh-keygen -lf /dev/stdin <<<"$key"

Resulting int this error:

/dev/stdin is not a public key file.

The key file looks like:

-----BEGIN RSA PRIVATE KEY-----
..
-----END RSA PRIVATE KEY-----

How can I get the fingerprint?

Answer 1

WITH AWK PIPE (no spaces in "passphrase comment" only)

bash-4.3$ ssh-keygen -lf sshkey | awk -F " " '{print $2" "$3}'

SHA256:beF471z86giH7cV49TduNVFD949UXzT+jHxgu+99gmM user1sshkey

Answer 2

There are several problems with this command pipeline:

key=$(ssh-keygen -yf lony.pem) | echo $key | 
ssh-keygen -lf /dev/stdin <<<"$key"

First, it's not clear why you're trying to pipe (|) the stdout of your assignment statement to the echo statement. The first doesn't produce any output, and the second doesn't consume any input. In the third component, you are piping the stdout from the echo command to stdin of the ssh-keygen...where you are also redirecting stdin using the <<< operator.

The easiest way to get the fingerprint from a private key file is just to run:

ssh-keygen -lf /path/to/privatekey.pem

For example, if we generate a private key:

bash-4.3$ ssh-keygen -f testkey -N ''

We can then compare the output of this:

bash-4.3$ ssh-keygen -lf testkey
2048 SHA256:beF471z86giH7cV49TduNVFD949UXzT+jHxgu+99gmM lars@myhost (RSA)

To this:

bash-4.3$ ssh-keygen -yf testkey | ssh-keygen -lf /dev/stdin
2048 SHA256:beF471z86giH7cV49TduNVFD949UXzT+jHxgu+99gmM no comment (RSA)

And see that we get the same fingerprint from both commands.