SSH - verify used local and server key fingerprints (Windows - Linux connection verification)

In this short article, we would like to show you, how to verify used locally SSH keys with the keys stored on the Linux server using ssh-keygen under Bash.

Note: the below examples use as default SHA-256 algorithm, to change it add -E md5 or -E sha1 parameter.

Simple steps:

1. run locally on your PC (with Windows) following command:
   Copy

   xxxxxxxxxx

    

   1

   ssh-keygen.exe -l -f ~/.ssh/known_hosts

   2

   ​

   3

   # or:

   4

   ​

   5

   ssh-keygen.exe -l -f /c/Users/my_user_directory/.ssh/known_hosts

   Example output:

   Copy

   xxxxxxxxxx

    

   1

   256 SHA256:rk8GxMsKnFLTXd1VW57up4wQqqn5qbfDaIeO27ks3jv 192.168.1.70 (ED25519)

   2

   2048 SHA256:sihm43JhFtQ+p1XTUpsQfzt2v2ViJcEwGZpDf8Pslb5 192.168.1.70 (RSA)

   3

   256 SHA256:nwbsQERIVVgN3p2Rp+KF+SxLnECe+3bcDCsQvLwf/Ih 192.168.1.70 (ECDSA)
    
2. run on your server (with Linux) following commands:
   Copy

   xxxxxxxxxx

    

   1

   ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub

   2

   ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

   3

   ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub

   Example outputs:

   Copy

   xxxxxxxxxx

    

   1

   256 SHA256:rk8GxMsKnFLTXd1VW57up4wQqqn5qbfDaIeO27ks3jv 192.168.1.70 (ED25519)

   2

   2048 SHA256:sihm43JhFtQ+p1XTUpsQfzt2v2ViJcEwGZpDf8Pslb5 192.168.1.70 (RSA)

   3

   256 SHA256:nwbsQERIVVgN3p2Rp+KF+SxLnECe+3bcDCsQvLwf/Ih 192.168.1.70 (ECDSA)
    
3. compare SHA256 fingerprints.
   If there are some differences that means some security issue and you should verify if there is no Man-in-the-middle attack used.

1. Bash - print fingerprints for SSHD keys (md5, sha-1, sha-A256 fingerprints)

• Man-in-the-middle attack - Wikipedia