[TriLUG] SSH Host Key Verification

Jeff Groves jgroves at krenim.org
Wed Jan 26 12:02:19 EST 2005


Matt Pusateri wrote:

>Triluger's
>
>
>I just built a brand new box (freebsd) yesterday and when I went to ssh
>into it for the first time, it asked me to accept the host key
>fingerprint as you would suspect.  This got me thinking about how to
>verify the fingerprint, so a little googling came up with "ssh-keygen
>-l key" which prints out the fingerprint of the key you feed it.  Now
>I have logged into the console and got my fingerprints, which
>incidentally match the fingerprints that I recorded when the server
>booted for the first time and created the ssh keys.  But when I
>connect via ssh the fingerprint does not match.  So is ssh-keygen -l
>not the way to verify the host key fingerprint?  Or am I missing
>something?
>
>The client is ssh corporation's ssh shell for windows 3.2.9,
>
>And, No I have not been rooted :)
>
>
>Thanks
>
>Matt Pusateri
>
>  
>
I think that with the ssh-keygen command that you are using, you are
retrieving your personal client key fingerprint (from the key in your
.ssh subdirectory off of your home directory) and not that of the server.

You need to find where the public key for your server resides and use 
that instead.

On my Fedora Core 2 machine, I use this command to get what I believe
that you're looking for:

ssh-keygen -l -f /etc/ssh/ssh_host_key.pub


Jeff G.

-- 
Law of Procrastination:
        Procrastination avoids boredom; one never has
        the feeling that there is nothing important to do. 



