How do I find out the RSA fingerprint of the server I want to connect to
I know that when connecting to a server using SSH for the first time you get a message like:
The authenticity of host 'nnn.nnn.nnn.nnn' can't be established. RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx. Are you sure you want to continue connecting (yes/no)? no And that once it is accepted, it is stored in ~/.ssh/known_hosts for comparison on the next connection attempts - This previous knowledge helps to avoid the "Man-in-the-middle" attack, from that point on. What I would like to know is, how can I be sure in the first time I connect, that I am connecting to the right server, and not one "Man-in-the-middle" server? I would like to know if there is a way to obtain the fingerprint on the server so that I can really be sure. Thanks. |
Quote:
|
Quote:
|
Quote:
Thanks |
Quote:
So he basically just needs to give you a copy of that. |
Quote:
The authenticity of host 'nnn.nnn.nnn.nnn' can't be established. RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx. Are you sure you want to continue connecting (yes/no)? no would never appear. That's great! This way I can be sure to what I am connecting from the beginning. Only for the record: ssh_host_rsa_key.pub is NOT the fingerprint of the RSA Key - it is the RSA Key itself! And now I got curious: is there any tool that generates the fingerprint based on a given key? |
Quote:
Code:
ssh-keygen -l -f server-public-key.txt |
Thanks win32sux
|
Quote:
|
Force reported RSA fingerprint to be in MD5 (or other) format
Thanks win32sux :).
To take it one step further... Adding "-E md5" to the ssh-keygen command will force it to output the RSA fingerprint in the hexadecimal colon-delimited format that ssh may display (as is shown in the original question). (Do man ssh-keygen to see other formats available.) Putting the command in a do loop will display all the public keys. Code:
cd /etc/ssh; for file in *sa_key.pub; do ssh-keygen -E md5 -lf $file; done |
All times are GMT -5. The time now is 10:24 AM. |