I always find that I get this message when I ssh into a new machine:
12:f8:7e:78:61:b4:bf:e2:de:24:15:96:4e:d4:72:53
What does it stand for? Will every machine have the same fingerprint every time?
How are these fingerprints generated? What parameters do they depend on?
Answer
The fingerprint is based on the Host's Public key, usually based on "/etc/ssh/ssh_host_rsa_key.pub" Generally its for easy identification/verification of the host you are connecting to.
If the fingerprint changes, the machine you are connecting to has changed their public key. This may not be a bad thing(happens from re-installing ssh), but it could also indicate that you are connecting to a different machine at the same domain/IP(happens when you are connecting through something like load balancer) or that you are being targeted with a man-in-the-middle attack, where the attacker is somehow intercepting/rerouting your ssh connection to connect to a different host which could be snooping your user/pw.
Bottom line: if you get warned of a changed fingerprint, be cautious and double check that you're actually connecting to the correct host over a secure connection. Though most of the time this is harmless, it can be an indication of a potential issue
See: http://www.lysium.de/blog/index.php?/archives/186-How-to-get-ssh-server-fingerprint-information.html
and: http://en.wikipedia.org/wiki/Public_key_fingerprint
No comments:
Post a Comment