http://cafe.elharo.com/security/verifying-ssh-host-fingerprints/ Longer than a blog; shorter than a book Tue, 06 Jan 2009 03:37:28 +0000 http://wordpress.org/?v=2.6.3 http://cafe.elharo.com/security/verifying-ssh-host-fingerprints/#comment-214487 Daniel Tue, 08 Apr 2008 03:29:41 +0000 http://minicafe.elharo.com/security/verifying-ssh-host-fingerprints/#comment-214487 Thanks. I was wondering exactly the same thing (how do you know it's who you want it to be) until I finally came across your post. Explanation about fingerprint also very helpful. Thanks. I was wondering exactly the same thing (how do you know it’s who you want it to be) until I finally came across your post. Explanation about fingerprint also very helpful.

]]> http://cafe.elharo.com/security/verifying-ssh-host-fingerprints/#comment-63824 Jim Syler Sat, 10 Mar 2007 20:12:38 +0000 http://minicafe.elharo.com/security/verifying-ssh-host-fingerprints/#comment-63824 To answer my own questions: the -1 option forces use of the RSA1 protocol. And the way to find the hash (besides "ssh -1 localhost" and hoping you've never done that and said "yes") is "ssh-keygen -lf /etc/ssh_host_key.pub" on OS X 10.3 or later (well, only tested on 10.3.9). In other words, get the fingerprint for "etc/ssh_host_key.pub" instead of "etc/ssh_host_rsa_key.pub". To answer my own questions: the -1 option forces use of the RSA1 protocol. And the way to find the hash (besides “ssh -1 localhost” and hoping you’ve never done that and said “yes”) is “ssh-keygen -lf /etc/ssh_host_key.pub” on OS X 10.3 or later (well, only tested on 10.3.9). In other words, get the fingerprint for “etc/ssh_host_key.pub” instead of “etc/ssh_host_rsa_key.pub”.

]]> http://cafe.elharo.com/security/verifying-ssh-host-fingerprints/#comment-63819 Jim Syler Sat, 10 Mar 2007 20:00:27 +0000 http://minicafe.elharo.com/security/verifying-ssh-host-fingerprints/#comment-63819 Okay, here's the weird thing about this: When you Connect To Server under the File menu in Terminal, it actually uses the -1 flag. So if you don't use the -1 flag when you "ssh localhost" (in other words, use "ssh -1 localhost"), you get a different hash. Two questions: What does the -1 do? And how do you find the -1 hash using ssh-keygen? Okay, here’s the weird thing about this: When you Connect To Server under the File menu in Terminal, it actually uses the -1 flag. So if you don’t use the -1 flag when you “ssh localhost” (in other words, use “ssh -1 localhost”), you get a different hash. Two questions: What does the -1 do? And how do you find the -1 hash using ssh-keygen?

]]> http://cafe.elharo.com/security/verifying-ssh-host-fingerprints/#comment-6290 Emmanuel Thu, 20 Jul 2006 13:01:19 +0000 http://minicafe.elharo.com/security/verifying-ssh-host-fingerprints/#comment-6290 Perhaps did you change from rsa to dsa key ? Perhaps did you change from rsa to dsa key ?

]]>