mod/ssh-keys-import: calculate fingerprint...

... and store it in key-owner, which is descriptive only.

This requires RouterOS 7.12beta1 for the 'transform' property
for ':convert' command.

doc/mod/ssh-keys-import.md

@@ -3,6 +3,8 @@ Import ssh keys for public key authentication
 
 [⬅️ Go back to main README](../../README.md)
 
+[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.12beta1-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
+
 > ℹ️️ **Info**: This module can not be used on its own but requires the base
 > installation. See [main README](../../README.md) for details.
 
@@ -35,7 +37,11 @@ been added:
     $SSHKeysImport "ssh-ed25519 AAAAC3Nza...ZVugJT user" admin;
 
 The third part of the key (`user` in this example) is inherited as
-`key-owner` in RouterOS.
+`key-owner` in RouterOS. Also the `MD5` fingerprint is recorded, this helps
+to audit and verify the available keys.
+
+> ℹ️️ **Info**: Use `ssh-keygen` to show a fingerprint of an existing public
+> key file: `ssh-keygen -l -E md5 -f ~/.ssh/id_ed25519.pub`
 
 ### Import several keys from file
 

global-functions.rsc

@@ -12,7 +12,7 @@
 :local 0 "global-functions";
 
 # expected configuration version
-:global ExpectedConfigVersion 111;
+:global ExpectedConfigVersion 112;
 
 # global variables not to be changed by user
 :global GlobalFunctionsReady false;

mod/ssh-keys-import.rsc

@@ -3,6 +3,8 @@
 # Copyright (c) 2020-2023 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12beta1
+#
 # import ssh keys for public key authentication
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/ssh-keys-import.md
 
@@ -38,12 +40,15 @@
     $LogPrintExit2 warning $0 ("Creating directory 'tmpfs/ssh-keys-import' failed!") true;
   }
 
+  :local FingerPrintMD5 [ :convert from=base64 transform=md5 to=hex ($KeyVal->1) ];
   :local FileName ("tmpfs/ssh-keys-import/key-" . [ $GetRandom20CharAlNum 6 ] . ".pub");
-  /file/add name=$FileName contents=$Key;
+  /file/add name=$FileName contents=($Key . ", md5=" . $FingerPrintMD5);
   $WaitForFile $FileName;
 
   :do {
     /user/ssh-keys/import public-key-file=$FileName user=$User;
+    $LogPrintExit2 info $0 ("Imported ssh public key (" . $KeyVal->2 . ", " . $KeyVal->0 . ", " . \
+      "MD5:" . $FingerPrintMD5 . ") for user '" . $User . "'.") false;
   } on-error={
     $LogPrintExit2 warning $0 ("Failed importing key.") true;
   }

news-and-changes.rsc

@@ -25,6 +25,7 @@
   109="Added support to send notifications via Ntfy (ntfy.sh).";
   110="Dropped support for loading scripts from local storage.";
   111="Modified 'dhcp-to-dns' to allow multiple records for one mac address.";
+  112="Enhanced 'mod/ssh-keys-import' to record the fingerprint of keys.";
 };
 
 # Migration steps to be applied on script updates