LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-25-2016, 11:45 AM   #1
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Rep: Reputation: Disabled
Fingerprint questions


How is the SSH Fingerprint on a server created?

In other words, what makes up the fingerprint?
 
Old 02-25-2016, 11:52 AM   #2
cliffordw
Member
 
Registered: Jan 2012
Location: South Africa
Posts: 481

Rep: Reputation: 179Reputation: 179
Hi there,

SSH servers have host keys, which are generated randomly with the "ssh-keygen" command. These keys contain a private and public key part, just like user keys.

The fingerprint for a key is simply an MD5 hash of the public key. The server's fingerprint you see when you connect to a server for the first time is derived from the host's public key.

Regards,

Clifford
 
Old 02-25-2016, 01:38 PM   #3
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by cliffordw View Post
Hi there,

SSH servers have host keys, which are generated randomly with the "ssh-keygen" command. These keys contain a private and public key part, just like user keys.

The fingerprint for a key is simply an MD5 hash of the public key. The server's fingerprint you see when you connect to a server for the first time is derived from the host's public key.

Regards,

Clifford
First off, I am using a Mac to connect to my server. I used ssh-keygen -t rsa -b 2048 to generate a public/private key pair on my laptop, then I uploaded the public key to my server.

When I log in to the server for the first time using SSH, is the fingerprint that I see in Terminal coming from the public key I uploaded above?

Or do the system admins for my web host create a public/private key pair similar to how I did on my Mac, and THAT public key is the one that is used for my server's fingerprint?

Hopefully you follow me?
 
Old 02-26-2016, 02:47 AM   #4
cliffordw
Member
 
Registered: Jan 2012
Location: South Africa
Posts: 481

Rep: Reputation: 179Reputation: 179
Hi,

Your other thread has more info on this, but just a quick note to try and answer your specific question on key generation.

As mentioned elsewhere, it's the HOST key that is of importance for verifying the fingerprint/identity of the server. Host keys are also generated with the same ssh-keygen command you used, except that the output is stored elsewhere (/etc/ssh/ssh_host_*_key), and used differently. This is usually done automatically when the SSH server (sshd) is started for the first time, and does not need to be done manually by the sysadmin.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
fingerprint-gui "Could not open fingerprint device" exactiv Linux - Security 4 12-15-2015 05:50 PM
fingerprint match against collection of previos fingerprint mukesh.methaniya Linux - Software 0 05-22-2011 03:31 AM
Your browser fingerprint. barriehie General 11 11-21-2010 01:40 PM
Fingerprint authentication? DaBlade Linux - Hardware 5 06-12-2008 03:47 PM
fingerprint--- help? shagan Linux - General 0 09-23-2004 02:02 AM


All times are GMT -5. The time now is 12:03 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration