RE: Verifying the host fingerprint

From: Aditya, ALD [Aditya Lalit Deshmukh] (aditya.deshmukh_at_online.gateway.technolabs.net)
Date: 02/18/04

    To: "Rickerby, Nathan J" <nathan.rickerby@eds.com>, <secureshell@securityfocus.com>
    Date: Wed, 18 Feb 2004 10:43:34 +0530
    
    

    > -----Original Message-----
    > From: Rickerby, Nathan J [mailto:nathan.rickerby@eds.com]
    > Sent: Wednesday, February 18, 2004 4:59 AM
    > To: secureshell@securityfocus.com
    > Subject: RE: Verifying the host fingerprint
    >
    >
    > From the ssh-keygen man page
    >
    > -l Show fingerprint of specified public key file. Private RSA1 keys are
    > also supported. For RSA and DSA keys ssh-keygen tries to find
    > the matching
    > public key file and prints its fingerprint.
    >
    > On my machine it goes something like this.
    >

    This is like the PGP keys - you get a key ID that you have to verify from some other trusted source, like a phone call or signed email.

    > $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
    > 1024 8d:a6:3e:af:a7:e3:c6:fc:28:71:82:be:a8:e9:96:a6
    > /etc/ssh/ssh_host_rsa_key.pub
    > $ ssh localhost
    > The authenticity of host 'localhost (::1)' can't be established.
    > RSA key fingerprint is 8d:a6:3e:af:a7:e3:c6:fc:28:71:82:be:a8:e9:96:a6.
    > Are you sure you want to continue connecting (yes/no)? yes
    > Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
    > $
    >

    Please verify the host key with the host admin before the connection, or else you leave yourself open to man-in-the-middle attacks.
    -aditya

    > > -----Original Message-----
    > > From: Hamish Whittal [mailto:hamish@QEDux.co.za]
    > > Sent: Monday, February 16, 2004 11:43 PM
    > > To: secureshell@securityfocus.com
    > > Subject: Verifying the host fingerprint
    > >
    > >
    > > Hi all,
    > >
    > > I am trying to log into a host and, the first time, it gives
    > > me a host fingerprint, asking whether this is the host I am
    > > trying to connect to. I know it is, but how do I "REALLY" verify this?
    > >
    > > I cannot seem to find anything on the Net explaining how to do this.
    > >
    > > Thanks in advance.
    > > Hamish
    > > --------------------------------------------------------------
    > > -- Hamish Whittal | QED Technologies cc | Mobile: +27 82 803
    > > 5533 | landline: +27 21 671 7710 | fax: +27 21 674 9184 |
    > > Signature autogenerated...don't complain | The new
    > > Congressmen say they're going to turn the government around.
    > > I hope I don't get run over again.
    > >
    >
    >
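
Added example, not part of the original messages: the comparison described in this thread, written out in Python. It computes the fingerprint from a public key line and checks all of it against the value obtained from the host admin out of band. The sample key is constructed; the colon-separated hex form is the MD5 of the decoded key blob, and the SHA256 form is what newer OpenSSH releases print by default.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field, as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def fingerprints(pubkey_line: str) -> dict:
    """Fingerprints for one line of a .pub file: "type base64 [comment]"."""
    key_type, b64_blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob repeats its key type; a mismatch means a mangled or edited line.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    md5 = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha256,
    }


def matches_trusted(pubkey_line: str, trusted: str) -> bool:
    """True only if the whole fingerprint equals the out-of-band value."""
    trusted = trusted.strip()
    fp = fingerprints(pubkey_line)
    if trusted.startswith("SHA256:"):
        ours = fp["sha256"]
    else:
        ours = fp["md5"]
        trusted = trusted.lower()
        if trusted.startswith("md5:"):
            trusted = trusted[4:]
    return hmac.compare_digest(ours.encode(), trusted.encode())


# Constructed sample (toy 1024-bit modulus, not a real host key).
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xc3" * 128))
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " root@example"

if __name__ == "__main__":
    fp = fingerprints(SAMPLE_PUB)
    print(fp["md5"], fp["sha256"])
    print("match:", matches_trusted(SAMPLE_PUB, fp["md5"]))
```
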
