User Tools

Site Tools

Trace:
ssl_fingerprint

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
ssl_fingerprint [2016/05/06 10:31] luke7858ssl_fingerprint [2024/05/23 07:26] (current) – external edit 127.0.0.1
Line 24: Line 24:
 <sxh bash> <sxh bash>
 The authenticity of host 'x.x.x.x (x.x.x.x)' can't be established. The authenticity of host 'x.x.x.x (x.x.x.x)' can't be established.
-RSA key fingerprint is 59:c7:8c:34:e7:97:c1:3z:e4:3a:13:e2:g6:39:7c:k9.+RSA key fingerprint is 59:c7:8c:34:e7:97:c1:3f:e4:3a:13:e2:s6:39:7c:l9.
 Are you sure you want to continue connecting (yes/no)?  Are you sure you want to continue connecting (yes/no)? 
 </sxh> </sxh>
 +This 'fingerprint' is a more 'human friendly' output of a servers public key. 
 \\ \\
 \\ \\
-Now its worth noting, if you are very strict about security then it would be worth retreiving the following information BEFORE sshing to the device for the first time. 
 \\ \\
-If you now run the following command on the server you have just connected toyou should get the same RSA fingerprint: +Now its worth noting, if you are very strict about security then it would be worth retrieving the following information BEFORE sshing to the device for the first time. To prevent accidental exposing your username and password to an unknown device.  
 +\\ 
 +\\ 
 +If you wish to obtain the fingerprint before connecting to a device then you should ask the owner of the other server to run the following command and send you the output before you connect:
 <sxh bash> <sxh bash>
 cd /etc/ssh cd /etc/ssh
Line 44: Line 46:
 2048 59:c7:8c:34:e7:97:c1:3z:e4:3a:13:e2:g6:39:7c:k9 ssh_host_rsa_key.pub (RSA) 2048 59:c7:8c:34:e7:97:c1:3z:e4:3a:13:e2:g6:39:7c:k9 ssh_host_rsa_key.pub (RSA)
 </sxh> </sxh>
 +You can now compare the two when first sshing to the device. 
 \\ \\
 +
 \\ \\
 == .ssh/known_hosts == == .ssh/known_hosts ==
-Its worth noting that your server stores a FULL copy of the target devices public key in the file known_hosts+Your server stores a FULL copy of the target devices public key in the file known_hosts, along with its IP. 
 \\ \\
 The fingerprint hash is for the use of humans so that its easier to compare fingerprints rather than trying to compare full private keys quickly. The fingerprint hash is for the use of humans so that its easier to compare fingerprints rather than trying to compare full private keys quickly.
Line 62: Line 66:
 \\ \\
 == Fingerprint Changed == == Fingerprint Changed ==
 +Below is an example output when a devices public key has changed. If you receive the following warning and you believe the target device has NOT been re-installed/edited etc, then I would highly recommend being very cautious
 <sxh bash> <sxh bash>
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ssl_fingerprint.1462530682.txt.gz · Last modified: 2024/05/23 07:26 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki