
Feature Request (EC2): Show SSH Fingerprints in console

Oct 22, 2012

Hi,

It would be nice if you added something like


bash -c 'for f in /etc/ssh/*.pub; do ssh-keygen -lf "$f"; done'

to /etc/rc.local on your EC2 AMI - this would display the SSH key fingerprints in the console output (which can be securely obtained from the ec2 console or command line tools). Without a secure way to obtain these fingerprints it is not possible to detect a man-in-the-middle attack of the first SSH connection to the server.

My current workaround is to place the following script as the ec2 user data file:

#!/bin/bash
set -o nounset
set -o errexit

# Dump SSH fingerprints to console
# (glob the key files directly rather than parsing ls, and quote the path)
for f in /etc/ssh/*.pub; do ssh-keygen -lf "$f"; done > /dev/console

However, it would be nice if this functionality was built into the AMI as I'm not currently needing the user data mechanism for anything else.

Cheers,

Dave
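
The client side of the check described above, as an added example that is not part of the original post: given the instance's console output and the output of `ssh-keyscan` for the new host (how the two texts are fetched is assumed, not shown), it keeps only the scanned keys whose fingerprint was printed on the console. The function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import re

# ssh-keygen -l has printed two styles: colon-separated MD5 hex (optionally
# prefixed "MD5:") and "SHA256:" followed by 43 unpadded base64 characters.
FP_RE = re.compile(r"\b(?:MD5:)?((?:[0-9a-f]{2}:){15}[0-9a-f]{2})\b"
                   r"|(SHA256:[A-Za-z0-9+/]{43})")


def console_fingerprints(console_text):
    """Collect every host key fingerprint printed in the console output."""
    return {md5 or sha for md5, sha in FP_RE.findall(console_text)}


def key_fingerprints(b64_blob):
    """Return (md5_fp, sha256_fp) for one base64 public key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.md5(raw).hexdigest()
    md5_fp = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(raw).digest()).decode()
    return md5_fp, "SHA256:" + sha.rstrip("=")


def verified_known_hosts(keyscan_text, console_text):
    """Keep only the ssh-keyscan lines whose key matches the console output."""
    trusted = console_fingerprints(console_text)
    accepted = []
    for line in keyscan_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 3:
            continue  # ssh-keyscan banner comments and blank lines
        try:
            offered = key_fingerprints(parts[2])
        except ValueError:
            continue  # not a valid base64 key blob
        if trusted.intersection(offered):
            accepted.append(line)
    return accepted


# Constructed sample data: ed25519-shaped blobs, not real keys or console logs.
def _blob(fill):
    body = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([fill]) * 32
    return base64.b64encode(body).decode()


GENUINE, IMPOSTER = _blob(0x11), _blob(0x22)
SAMPLE_CONSOLE = ("Starting sshd: [  OK  ]\n256 %s /etc/ssh/ssh_host_ed25519_key.pub"
                  " (ED25519)\n" % key_fingerprints(GENUINE)[0])
```

Only the lines returned by `verified_known_hosts` belong in `known_hosts`; an empty result means the key offered on the network was not one the instance printed, and the connection should not be trusted.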

Oct 30, 2012

Hi Dave,

Thanks for using our services on AWS. This is really valuable and will surely be considered in our subsequent releases.

Cheers,

Shiven
