Languages
[Edit]
EN

SSH - verify used local and server key fingerprints (Windows - Linux connection verification)

6 points
Created by:
Imaan-Morin
619

In this short article, we would like to show you, how to verify used locally SSH keys with the keys stored on the Linux server using ssh-keygen under Bash.

Note: the below examples use as default SHA-256 algorithm, to change it add -E md5 or -E sha1 parameter.

Simple steps:

  1. run locally on your PC (with Windows) following command:
    ssh-keygen.exe -l -f ~/.ssh/known_hosts
    
    # or:
    
    ssh-keygen.exe -l -f /c/Users/my_user_directory/.ssh/known_hosts

    Example output:

    256 SHA256:rk8GxMsKnFLTXd1VW57up4wQqqn5qbfDaIeO27ks3jv 192.168.1.70 (ED25519)
    2048 SHA256:sihm43JhFtQ+p1XTUpsQfzt2v2ViJcEwGZpDf8Pslb5 192.168.1.70 (RSA)
    256 SHA256:nwbsQERIVVgN3p2Rp+KF+SxLnECe+3bcDCsQvLwf/Ih 192.168.1.70 (ECDSA)
  2. run on your server (with Linux) following commands:
    ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub
    ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
    ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub

    Example outputs:

    256 SHA256:rk8GxMsKnFLTXd1VW57up4wQqqn5qbfDaIeO27ks3jv 192.168.1.70 (ED25519)
    2048 SHA256:sihm43JhFtQ+p1XTUpsQfzt2v2ViJcEwGZpDf8Pslb5 192.168.1.70 (RSA)
    256 SHA256:nwbsQERIVVgN3p2Rp+KF+SxLnECe+3bcDCsQvLwf/Ih 192.168.1.70 (ECDSA)
  3. compare SHA256 fingerprints.
    If there are some differences that means some security issue and you should verify if there is no Man-in-the-middle attack used.

 

See also

  1. Bash - print fingerprints for SSHD keys (md5, sha-1, sha-A256 fingerprints)

References

Native Advertising
🚀
Get your tech brand or product in front of software developers.
For more information Contact us
Dirask - we help you to
solve coding problems.
Ask question.

â€ïžđŸ’» 🙂

Join