Skip to content

ssh

stable

Utilities for working with SSH key fingerprints, authorized_keys and known_hosts file formats, config parsing, connection string formatting, and command escaping.

use plugin ssh::{fingerprint_sha256, fingerprint_md5, parse_authorized_keys_line, …}
13 functions Networking
/ filter jk navigate Esc clear
Functions (13)
  1. fingerprint_sha256 Compute SHA-256 fingerprint of a key
  2. fingerprint_md5 Compute MD5 fingerprint of a key
  3. parse_authorized_keys_line Parse one authorized_keys entry
  4. format_authorized_keys_line Format an authorized_keys entry
  5. parse_known_hosts_line Parse one known_hosts entry
  6. format_known_hosts_line Format a known_hosts entry
  7. generate_key_comment Build a user@host key comment string
  8. validate_key_type Check if a key type identifier is valid
  9. parse_host_port Parse a host:port string into parts
  10. format_connection_string Build an ssh connection string
  11. escape_command Single-quote escape a shell command
  12. parse_ssh_config_host Extract settings for a host from ssh_config
  13. build_command Build a full ssh command-line string

Overview

ssh is a dependency-free toolkit for the text formats and command lines that surround SSH, without ever opening a connection itself. It computes key fingerprints (SHA-256 and legacy MD5) in pure Rust, parses and formats the line syntax of authorized_keys, known_hosts, and ~/.ssh/config, and assembles the connection strings and ssh command lines you would hand to a shell. Every function is a pure transformation on strings, bytes, and tables — nothing stateful, no handles, no network. Reach for it when you are reading, writing, or auditing SSH configuration files, or building ssh invocations programmatically.

The mental model is two-sided: a parse_* function turns a line of file syntax into a table you can inspect, and a matching format_* function turns components back into a line. Fingerprints and command builders sit alongside as self-contained helpers.

Common patterns

Parse an authorized_keys line, validate its key type, and fingerprint it:

zolo▶ Playground
use plugin ssh::{parse_authorized_keys_line, validate_key_type}

let entry = parse_authorized_keys_line(
  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 alice@laptop"
)
if validate_key_type(entry["type"]) {
  print("valid {entry["type"]} key for {entry["comment"]}")
}

Read a host out of ~/.ssh/config and turn it into a runnable command:

zolo▶ Playground
use plugin ssh::{parse_ssh_config_host, build_command}
use plugin shell::{read_file, home_dir}

let config = read_file("{home_dir()}/.ssh/config")
let settings = parse_ssh_config_host(config, "prod")
let cmd = build_command(
  settings["HostName"], settings["User"], 22, settings["IdentityFile"]
)
print(cmd)

Split a host:port token and render a display connection string:

zolo▶ Playground
use plugin ssh::{parse_host_port, format_connection_string}

let parts = parse_host_port("example.com:2222")
let conn = format_connection_string("alice", parts["host"], parts["port"])
print(conn)

fingerprint_sha256(key_bytes) string

Compute SHA-256 fingerprint of a key

Computes the SHA-256 fingerprint of raw key bytes and returns it in the standard SHA256:<base64> format used by OpenSSH.

zolo▶ Playground
use plugin ssh::{fingerprint_sha256}

// key_bytes would typically come from decoding a base64 public key
let fp = fingerprint_sha256(key_bytes)
print(fp)

fingerprint_md5(key_bytes) string

Compute MD5 fingerprint of a key

Computes the legacy MD5 fingerprint of raw key bytes and returns it as MD5:xx:xx:xx:... colon-separated hex pairs.

zolo▶ Playground
use plugin ssh::{fingerprint_md5}

let fp = fingerprint_md5(key_bytes)
print(fp)

parse_authorized_keys_line(line) Table

Parse one authorized_keys entry

Parses a single line from an authorized_keys file and returns a table with type, key, and comment.

zolo▶ Playground
use plugin ssh::{parse_authorized_keys_line}

let entry = parse_authorized_keys_line(
  "ssh-ed25519 AAAA...base64... alice@laptop"
)
print("type={entry["type"]} comment={entry["comment"]}")

Round-trip an entry by parsing it and reformatting it unchanged:

zolo▶ Playground
use plugin ssh::{parse_authorized_keys_line, format_authorized_keys_line}

let e = parse_authorized_keys_line("ssh-rsa AAAA...base64... bob@server")
let line = format_authorized_keys_line(e["type"], e["key"], e["comment"])
print(line)

format_authorized_keys_line(key_type, key, comment) string

Format an authorized_keys entry

Formats an authorized_keys entry from its components. comment is optional and omitted if empty.

zolo▶ Playground
use plugin ssh::{format_authorized_keys_line}

let line = format_authorized_keys_line(
  "ssh-ed25519", "AAAA...base64...", "alice@laptop"
)
print(line)

parse_known_hosts_line(line) Table

Parse one known_hosts entry

Parses a single line from a known_hosts file and returns a table with hosts (a table of host strings), type, and key.

zolo▶ Playground
use plugin ssh::{parse_known_hosts_line}

let entry = parse_known_hosts_line(
  "example.com,192.168.1.1 ssh-ed25519 AAAA...base64..."
)
for _, host in entry["hosts"] {
  print(host)
}

format_known_hosts_line(hosts, key_type, key) string

Format a known_hosts entry

Formats a known_hosts line from a hosts string (comma-separated), key type, and base64 key.

zolo▶ Playground
use plugin ssh::{format_known_hosts_line}

let line = format_known_hosts_line(
  "example.com,192.168.1.1", "ssh-ed25519", "AAAA...base64..."
)
print(line)

generate_key_comment(user, host) string

Build a user@host key comment string

Returns a standard user@host comment string, as conventionally used in SSH public key comments.

zolo▶ Playground
use plugin ssh::{generate_key_comment}

let comment = generate_key_comment("alice", "laptop.local")
print(comment)

It pairs naturally with format_authorized_keys_line to stamp a fresh key:

zolo▶ Playground
use plugin ssh::{generate_key_comment, format_authorized_keys_line}

let comment = generate_key_comment("ci", "build-runner")
let line = format_authorized_keys_line("ssh-ed25519", "AAAA...base64...", comment)
print(line)

validate_key_type(key_type) bool

Check if a key type identifier is valid

Returns true if key_type is a recognised SSH key type identifier such as ssh-ed25519, ssh-rsa, or ecdsa-sha2-nistp256.

zolo▶ Playground
use plugin ssh::{validate_key_type}

print(validate_key_type("ssh-ed25519"))
print(validate_key_type("ssh-rsa"))
print(validate_key_type("unknown-type"))

parse_host_port(host_string) Table

Parse a host:port string into parts

Parses a host:port, [host]:port, or bare host string and returns {host, port}. The default port is 22 when not specified.

zolo▶ Playground
use plugin ssh::{parse_host_port}

let parts = parse_host_port("example.com:2222")
print("host={parts["host"]} port={parts["port"]}")

let ipv6 = parse_host_port("[::1]:22")
print("host={ipv6["host"]}")

format_connection_string(user, host, port) string

Build an ssh connection string

Builds an SSH connection string. If port is 22 it is omitted. If user is empty it is omitted. The result is suitable for display or logging.

zolo▶ Playground
use plugin ssh::{format_connection_string}

let s = format_connection_string("alice", "example.com", 22)
print(s)

let s2 = format_connection_string("bob", "example.com", 2222)
print(s2)

escape_command(command) string

Single-quote escape a shell command

Wraps command in single quotes and escapes any internal single quotes so the result is safe to pass as a remote command argument to SSH.

zolo▶ Playground
use plugin ssh::{escape_command, build_command}

let cmd = escape_command("echo 'hello world'")
let full = build_command("example.com", nil, nil, nil)
print("{full} {cmd}")

parse_ssh_config_host(config_text, host_name) Table

Extract settings for a host from ssh_config

Parses the text of an ~/.ssh/config file and returns the key-value settings that apply to host_name, respecting wildcard Host patterns.

zolo▶ Playground
use plugin ssh::{parse_ssh_config_host}
use plugin shell::{read_file, home_dir}

let config = read_file("{home_dir()}/.ssh/config")
let settings = parse_ssh_config_host(config, "myserver")
for key, val in settings {
  print("{key} = {val}")
}

build_command(host, user, port, identity_file) string

Build a full ssh command-line string

Builds a complete ssh command-line string with optional -l user, -p port, and -i identity_file flags. All parameters except host are optional.

zolo▶ Playground
use plugin ssh::{build_command}

let cmd = build_command("example.com", "alice", 2222, "~/.ssh/id_ed25519")
print(cmd)

let simple = build_command("example.com", nil, nil, nil)
print(simple)

Combine it with escape_command to safely append a remote command:

zolo▶ Playground
use plugin ssh::{build_command, escape_command}

let base = build_command("example.com", "alice", nil, nil)
let remote = escape_command("tail -f /var/log/app.log")
print("{base} {remote}")
View source code
enespt-br