jpillora / chisel

A fast TCP/UDP tunnel over HTTP

How to keep the fingerprint same as last start

welyss opened this issue

Hi, situation is:

region A(server reverse):
chisel server --port 1234 --keepalive=0s --tls-cert=xxx.crt --tls-key=yyy.key --reverse

region B(client):
nohup chisel client -v --fingerprint '31LOQeYl2uQqwvMEKBUk9/M2z2h2w5pMRs/+qrDWAlY=' --tls-skip-verify https://a.b.c.d:1234 R::12000:10.xxx.xxx.xxx:3306 >/var/log/chisel.log 2>&1 &

region C(client):
nohup chisel client -v --fingerprint '31LOQeYl2uQqwvMEKBUk9/M2z2h2w5pMRs/+qrDWAlY=' --tls-skip-verify https://a.b.c.d:1234 R::12001:10.xxx.xxx.xxx:3306 >/var/log/chisel.log 2>&1 &

region D,E...

It works very well, but if something goes wrong in region A and the server restarts, the fingerprint changes, so we have to restart all of the clients and set a new fingerprint to connect to the server. Is there any way to keep the fingerprint unchanged? Thanks.

Maybe the --keygen and --key arguments will help you out. Haven't tried it, but maybe something like this might be helpful:
chisel --keygen /path/to/keyfile.key --key -
This will generate a private key and write it to a file. It also outputs the fingerprint to stdout.
If using Docker, the generated key file should probably be stored in a volume or mounted somewhere safe in order to make it persistent.

commented

@Servostar Thanks for the help!

chisel server --keygen /path/to/keyfile.key
chisel server --keyfile /path/to/keyfile.key

Works very well
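
The fix the thread arrives at, written as a start script that creates the key only once so restarts keep the fingerprint (an added example, not from the issue or the chisel project). `KEYFILE`, `PORT` and the function names are assumptions, and it assumes `--keygen` writes the key and exits, as the two separate commands above imply. Because the clients run with `--tls-skip-verify`, the pinned fingerprint is what authenticates the server, so the key file is created owner-only.

```shell
#!/bin/sh
# Added example: generate the chisel server key once, reuse it on every start.
# KEYFILE and PORT are assumed values; the chisel flags are the ones from this thread.
KEYFILE="${KEYFILE:-/etc/chisel/server.key}"
PORT="${PORT:-1234}"

# Generate a key only when no non-empty key file exists, so a restart never
# rotates it. Returns 0 when a usable key file is in place.
ensure_keyfile() {
    keyfile="$1"
    if [ -s "$keyfile" ]; then
        return 0    # existing key: keep it, the fingerprint stays the same
    fi
    # umask 077 in a subshell: directory and private key are owner-only.
    ( umask 077 \
        && mkdir -p "$(dirname "$keyfile")" \
        && chisel server --keygen "$keyfile" ) || return 1
    [ -s "$keyfile" ]
}

start_server() {
    ensure_keyfile "$KEYFILE" || { echo "cannot create $KEYFILE" >&2; return 1; }
    # Remaining flags as in the question (TLS cert/key options left out here).
    exec chisel server --port "$PORT" --keyfile "$KEYFILE" --reverse
}

# Start only when asked, so the functions can also be sourced by other scripts.
if [ "${1:-}" = "start" ]; then
    start_server
fi
```

With Docker, point `KEYFILE` at a path inside a mounted volume so the key outlives the container.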