Re: ssh_host_dsa_key fingerprint

From: Karsten W. Rohrbach (karsten@rohrbach.de)
Date: 07/27/01 

Date: Fri, 27 Jul 2001 18:08:44 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: Scott Johnson <sjohn@airlinksys.com>, freebsd-security@freebsd.org

Peter Pentchev(roam@orbitel.bg)@2001.07.27 18:24:33 +0000:
> On Fri, Jul 27, 2001 at 05:04:48PM +0200, Karsten W. Rohrbach wrote:
> > Scott Johnson(sjohn@airlinksys.com)@2001.07.27 01:16:47 +0000:
> > > If you're like me and wondered how to get a fingerprint for your DSA host
> > > key: start ssh-agent, add the host key, and list your keys.
> > >
> > > If you don't care or already figured out a way, disregard this message.
> > > :-)
> >
> > man ssh-keygen(1):
> >
> > -l Show fingerprint of specified private or public key file.
>
> Does this work for DSA though?
>
> [root@ringworld:v3 ~]# ssh-keygen -lf /etc/ssh/ssh_host_dsa_key
> /etc/ssh/ssh_host_dsa_key is not a valid key file.
> [root@ringworld:v3 ~]# ssh-keygen -lf /etc/ssh/ssh_host_key
> 1024 fc:1f:cf:8c:5c:dc:10:d7:80:21:a3:cc:3b:b2:9f:9d root@ringworld.office1.bg
> [root@ringworld:v3 ~]#
>
> Seems to work OK for the RSA host key..
> This is on a -stable rebuilt today:
>
> [root@ringworld:v3 ~]# ssh -V
> SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0.
> Compiled with SSL (0x0090601f).

peter, as always, you are right. this works only for rsa keys.
my fault ;-)

/k 

-- 
> "Her figure described a set of parabolas that could cause cardiac arrest
> in a yak." --Woody Allen
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 BF46
Please do not remove my address from To: and Cc: fields in mailing lists. 10x

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • Re: ssh_host_dsa_key fingerprint
    ... >> If you're like me and wondered how to get a fingerprint for your DSA host ... >> If you don't care or already figured out a way, ... > -l Show fingerprint of specified private or public key file. ...
    (FreeBSD-Security)
  • Re: ssh_host_dsa_key fingerprint
    ... > If you're like me and wondered how to get a fingerprint for your DSA host ... start ssh-agent, add the host key, and list your keys. ... -l Show fingerprint of specified private or public key file. ... Please do not remove my address from To: and Cc: fields in mailing lists. ...
    (FreeBSD-Security)
  • Re: DNS, Man-in-the-middle??
    ... > my ISP's DNS server and tried to SSH to Speaker. ... > It is also possible that the RSA host key has just been changed. ... Is your question "How can you be sure an MITM attack is taking place?" ... (Also write down the fingerprint as displayed on speakers console.) ...
    (Security-Basics)
  • ssh_host_dsa_key fingerprint
    ... If you're like me and wondered how to get a fingerprint for your DSA host ... start ssh-agent, add the host key, and list your keys. ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)