Merge pull request #10614 from justinsb/aws_ssh_fingeprint

AWS: Use the SSH key fingerprint, not the AWS fingerprint

cluster/aws/util.sh

@@ -301,11 +301,20 @@ function detect-ubuntu-image () {
 # Note that this is a different hash from the OpenSSH hash.
 # But AWS gives us this public key hash in the describe keys output, so we should stick with this format.
 # Hopefully this will be done by the aws cli tool one day: https://github.com/aws/aws-cli/issues/191
+# NOTE: This does not work on Mavericks, due to an odd ssh-keygen version, so we use get-ssh-fingerprint instead
 function get-aws-fingerprint {
   local -r pubkey_path=$1
   ssh-keygen -f ${pubkey_path} -e -m PKCS8  | openssl rsa -pubin -outform DER | openssl md5 -c | sed -e 's/(stdin)= //g'
 }
 
+# Computes the SSH fingerprint for a public key file ($1)
+# #1: path to public key file
+# Note this is different from the AWS fingerprint; see notes on get-aws-fingerprint
+function get-ssh-fingerprint {
+  local -r pubkey_path=$1
+  ssh-keygen -lf ${pubkey_path} | cut -f2 -d' '
+}
+
 # Import an SSH public key to AWS.
 # Ignores duplicate names; recommended to use a name that includes the public key hash.
 # $1 name
@@ -660,7 +669,10 @@ function kube-up {
     ssh-keygen -f "$AWS_SSH_KEY" -N ''
   fi
 
-  AWS_SSH_KEY_FINGERPRINT=$(get-aws-fingerprint ${AWS_SSH_KEY}.pub)
+  # Note that we use get-ssh-fingerprint, so this works on OSX Mavericks
+  # get-aws-fingerprint gives the same fingerprint that AWS computes,
+  # but OSX Mavericks ssh-keygen can't compute it
+  AWS_SSH_KEY_FINGERPRINT=$(get-ssh-fingerprint ${AWS_SSH_KEY}.pub)
   echo "Using SSH key with (AWS) fingerprint: ${AWS_SSH_KEY_FINGERPRINT}"
   AWS_SSH_KEY_NAME="kubernetes-${AWS_SSH_KEY_FINGERPRINT//:/}"