Fingerprint questions
How is the SSH Fingerprint on a server created?
In other words, what makes up the fingerprint? |
Hi there,
SSH servers have host keys, which are generated randomly with the "ssh-keygen" command. These keys contain a private and public key part, just like user keys. The fingerprint for a key is simply an MD5 hash of the public key. The server's fingerprint you see when you connect to a server for the first time is derived from the host's public key. Regards, Clifford |
Quote:
When I log in to the server for the first time using SSH, is the fingerprint that I see in Terminal coming from the public key I uploaded above? Or do the system admins for my web host create a public/private key pair similar to how I did on my Mac, and THAT public key is the one that is used for my server's fingerprint? Hopefully you follow me? |
Hi,
Your other thread has more info on this, but just a quick note to try and answer your specific question on key generation. As mentioned elsewhere, it's the HOST key that is of importance for verifying the fingerprint/identity of the server. Host keys are also generated with the same ssh-keygen command you used, except that the output is stored elsewhere (/etc/ssh/ssh_host_*_key), and used differently. This is usually done automatically when the SSH server (sshd) is started for the first time, and does not need to be done manually by the sysadmin. |
All times are GMT -5. The time now is 10:13 AM. |