What to do to check the authenticity of a host/server

-l: Show fingerprint of specified public key file.

Display ASCII art of the remote server's public host key (to be done on the client side, the one you connect FROM via ssh), where <host> stands for the server you connect to:

    ssh -o visualhostkey=yes -o FingerprintHash=md5 <host>

Show fingerprints of all server public keys stored in ~/.ssh/known_hosts:

    cut -d' ' -f2- ~/.ssh/known_hosts | while read line; do echo "$line" | ssh-keygen -lf-; done

Display ASCII art of the public host key stored on the server (to be done on the server side, the one you connect TO via ssh):

    ssh-keygen -l -v -f /etc/ssh/ssh_host_ecdsa_key.pub

ssh-keyscan provides the full public key(s) of the SSH server. The output of ssh-keygen is nearly identical to the format of the public key files. Just remove the 1st column (IP address or hostname) and save that or pipe it to ssh-keygen -l, which presents the fingerprint.

With a recent ssh (OpenSSH_6.0p1, OpenSSL 1.0.0j), I scripted it like this:

    ssh-keyscan -t ecdsa localhost 2>&1 | grep ecdsa
    localhost ecdsa-sha2-nistp256 AAAAE2VlongKey.=

(If your sshd runs on a custom port, add ' -p portNumber' to the ssh-keyscan command.)

ssh-keyscan writes on stderr, not stdout(!), hence the bash redirection ' 2>&1' (that can vary depending on your shell).

That is the line I added to my ~/.ssh/known_hosts file in order to authorize ssh requests from localhost for my tests (mainly for gitolite, which uses ssh).
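
Added example, not part of the original post: a Python version of what ssh-keygen -l computes when an ssh-keyscan or known_hosts line is handed to it without its first column, giving both the MD5 form (as with FingerprintHash=md5) and the SHA256 form, and keeping only scanned lines whose fingerprint matches one obtained out of band. The sample line is constructed, and the names sshstr, fingerprints and trusted_lines are chosen for this example.

```python
import base64
import hashlib
import struct

def sshstr(b):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

# Constructed sample in ssh-keyscan format; the 65-byte "point" is filler, not a real key.
SAMPLE_BLOB = sshstr(b"ecdsa-sha2-nistp256") + sshstr(b"nistp256") + sshstr(b"\x04" + bytes(64))
SAMPLE_LINE = "localhost ecdsa-sha2-nistp256 " + base64.b64encode(SAMPLE_BLOB).decode()

def fingerprints(line):
    """Return (key_type, md5_fp, sha256_fp) for one known_hosts/ssh-keyscan line, else None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):   # blank line or comment/banner line
        return None
    if fields[0].startswith("@"):                 # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        return None
    key_type, b64 = fields[1], fields[2]          # column 1 (host) is dropped
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with its own key-type string; it must agree with column 2.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type in blob does not match the line")
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    md5_fp = "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return key_type, md5_fp, "SHA256:" + sha

def trusted_lines(scan_output, expected_fp):
    """Keep only scanned lines whose fingerprint equals one obtained out of band."""
    keep = []
    for line in scan_output.splitlines():
        fp = fingerprints(line)
        if fp and expected_fp in fp[1:]:
            keep.append(line)
    return keep

if __name__ == "__main__":
    kt, md5_fp, sha_fp = fingerprints(SAMPLE_LINE)
    print(kt, md5_fp, sha_fp)
    print(trusted_lines(SAMPLE_LINE, sha_fp))
```

The expected fingerprint passed to trusted_lines should come from the server side (for example the ssh-keygen -l output on the host key file), since ssh-keyscan output by itself is unauthenticated.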