LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Fingerprint questions (https://www.linuxquestions.org/questions/linux-newbie-8/fingerprint-questions-4175573212/)

RobInRockCity 02-25-2016 10:45 AM

Fingerprint questions
 
How is the SSH Fingerprint on a server created?

In other words, what makes up the fingerprint?

cliffordw 02-25-2016 10:52 AM

Hi there,

SSH servers have host keys, which are generated randomly with the "ssh-keygen" command. These keys contain a private and public key part, just like user keys.

The fingerprint for a key is simply an MD5 hash of the public key. The server's fingerprint you see when you connect to a server for the first time is derived from the host's public key.

Regards,

Clifford

RobInRockCity 02-25-2016 12:38 PM

Quote:

Originally Posted by cliffordw (Post 5506019)
Hi there,

SSH servers have host keys, which are generated randomly with the "ssh-keygen" command. These keys contain a private and public key part, just like user keys.

The fingerprint for a key is simply an MD5 hash of the public key. The server's fingerprint you see when you connect to a server for the first time is derived from the host's public key.

Regards,

Clifford

First off, I am using a Mac to connect to my server. I used ssh-keygen -t rsa -b 2048 to generate a public/private key pair on my laptop, then I uploaded the public key to my server.

When I log in to the server for the first time using SSH, is the fingerprint that I see in Terminal coming from the public key I uploaded above?

Or do the system admins for my web host create a public/private key pair similar to how I did on my Mac, and THAT public key is the one that is used for my server's fingerprint?

Hopefully you follow me?

cliffordw 02-26-2016 01:47 AM

Hi,

Your other thread has more info on this, but just a quick note to try and answer your specific question on key generation.

As mentioned elsewhere, it's the HOST key that is of importance for verifying the fingerprint/identity of the server. Host keys are also generated with the same ssh-keygen command you used, except that the output is stored elsewhere (/etc/ssh/ssh_host_*_key), and used differently. This is usually done automatically when the SSH server (sshd) is started for the first time, and does not need to be done manually by the sysadmin.


All times are GMT -5. The time now is 02:09 AM.