Wednesday, 20 May 2015

Get the SSH fingerprint of an SSH server

If you've ever tried to connect to a new server over SSH, you will have seen a message similar to the following:

    # ssh iridium
    The authenticity of host '[foo]' can't be established.
    RSA key fingerprint is a2:b9:c5:d3:e5:fc:a6:b3:c7:da:e1:f0:ac:b9:c9:d5.
    Are you sure you want to continue connecting (yes/no)?

Then you may have wondered, "Well, what *is* the fingerprint of my server supposed to be?". To authenticate the host, run the command below (at SSH server install time, or over a "secure" channel) to get your host's SSH fingerprint:

    # ssh-keygen -lf /etc/ssh/
    2048 a2:b9:c5:d3:e5:fc:a6:b3:c7:da:e1:f0:ac:b9:c9:d5 root@foo (RSA)

You should then be able to compare the two fingerprints to determine whether the server you're connecting to is in fact the one you're trying to connect to and isn't some sort of honeypot.
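
As an added example (not part of the original post), the Python below shows where that fingerprint comes from: it is the MD5 digest of the base64-decoded key blob in the host's public key line, and newer OpenSSH releases print a SHA256 form by default instead. The sample key line is constructed for illustration and is not a real host key; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

def field(data: bytes) -> bytes:
    # Length-prefixed field of the SSH public key wire format.
    return struct.pack(">I", len(data)) + data

# Constructed sample in the one-line layout of a host key .pub file; not a real key.
SAMPLE_BLOB = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + b"\xc3" * 256)
SAMPLE_PUB_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " root@foo"

def key_blob(pub_line: str) -> bytes:
    # Decode the base64 blob and check it agrees with the declared key type.
    fields = pub_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match the encoded blob")
    return blob

def md5_fingerprint(pub_line: str) -> str:
    # Colon-separated hex MD5, the style shown in the ssh prompt.
    digest = hashlib.md5(key_blob(pub_line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(pub_line: str) -> str:
    # "SHA256:" plus unpadded base64, the default style in newer OpenSSH.
    digest = hashlib.sha256(key_blob(pub_line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def fingerprint_matches(pub_line: str, shown: str) -> bool:
    # Compare what the client displayed with the key obtained over a trusted channel.
    shown = shown.strip()
    if shown.startswith("SHA256:"):
        expected = sha256_fingerprint(pub_line)
    else:
        if shown.upper().startswith("MD5:"):
            shown = shown[4:]
        shown, expected = shown.lower(), md5_fingerprint(pub_line)
    return hmac.compare_digest(shown.encode(), expected.encode())
```

Answer "yes" at the prompt only when the comparison succeeds; a mismatch means the key offered on the wire is not the one taken from the server.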
