Thursday, 1 March 2018

What is a SSH key fingerprint and how is it generated?


I always find that I get this message when I ssh into a new machine:


12:f8:7e:78:61:b4:bf:e2:de:24:15:96:4e:d4:72:53

What does it stand for? Will every machine have the same fingerprint every time?


How are these fingerprints generated? What parameters do they depend on?



Answer



The fingerprint is based on the Host's Public key, usually based on "/etc/ssh/ssh_host_rsa_key.pub" Generally its for easy identification/verification of the host you are connecting to.


If the fingerprint changes, the machine you are connecting to has changed their public key. This may not be a bad thing(happens from re-installing ssh), but it could also indicate that you are connecting to a different machine at the same domain/IP(happens when you are connecting through something like load balancer) or that you are being targeted with a man-in-the-middle attack, where the attacker is somehow intercepting/rerouting your ssh connection to connect to a different host which could be snooping your user/pw.


Bottom line: if you get warned of a changed fingerprint, be cautious and double check that you're actually connecting to the correct host over a secure connection. Though most of the time this is harmless, it can be an indication of a potential issue


See: http://www.lysium.de/blog/index.php?/archives/186-How-to-get-ssh-server-fingerprint-information.html
and: http://en.wikipedia.org/wiki/Public_key_fingerprint


No comments:

Post a Comment

Where does Skype save my contact's avatars in Linux?

I'm using Skype on Linux. Where can I find images cached by skype of my contact's avatars? Answer I wanted to get those Skype avat...