SSH - verify used local and server key fingerprints (Windows - Linux connection verification)
In this short article, we show how to verify that the SSH keys used locally match the keys stored on the Linux server, using ssh-keygen under Bash.
Note: the examples below use the default SHA-256 algorithm; to change it, add the -E md5 or -E sha1 parameter.
Simple steps:
- run the following command locally on your PC (with Windows):
```bash
ssh-keygen.exe -l -f ~/.ssh/known_hosts

# or:

ssh-keygen.exe -l -f /c/Users/my_user_directory/.ssh/known_hosts
```
Example output:
```
256 SHA256:rk8GxMsKnFLTXd1VW57up4wQqqn5qbfDaIeO27ks3jv 192.168.1.70 (ED25519)
2048 SHA256:sihm43JhFtQ+p1XTUpsQfzt2v2ViJcEwGZpDf8Pslb5 192.168.1.70 (RSA)
256 SHA256:nwbsQERIVVgN3p2Rp+KF+SxLnECe+3bcDCsQvLwf/Ih 192.168.1.70 (ECDSA)
```
- run the following commands on your server (with Linux):
```bash
ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub
```
Example outputs:
```
256 SHA256:rk8GxMsKnFLTXd1VW57up4wQqqn5qbfDaIeO27ks3jv 192.168.1.70 (ED25519)
2048 SHA256:sihm43JhFtQ+p1XTUpsQfzt2v2ViJcEwGZpDf8Pslb5 192.168.1.70 (RSA)
256 SHA256:nwbsQERIVVgN3p2Rp+KF+SxLnECe+3bcDCsQvLwf/Ih 192.168.1.70 (ECDSA)
```
- compare SHA256 fingerprints.
If the fingerprints differ, this indicates a security issue, and you should check whether a man-in-the-middle attack is taking place.
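One way to automate the comparison step, as an added example that is not part of the original article: save each side's `ssh-keygen -l` output to a file and compare the fingerprints per key type. The function names, temporary file names and the altered fingerprints in the demo are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: inputs are saved `ssh-keygen -l` listings, one key per line:
#   <bits> <fingerprint> <host or comment> (<TYPE>)
# compare_fingerprints LOCAL SERVER [HOST] returns 1 if any fingerprint differs.
compare_fingerprints() {
    local local_listing="$1" server_listing="$2" host="${3:-}"
    awk -v host="$host" '
        # A known_hosts entry may carry several names: "name,ip".
        function names_host(field,    parts, n, i) {
            n = split(field, parts, ",")
            for (i = 1; i <= n; i++) if (parts[i] == host) return 1
            return 0
        }
        NF < 4 { next }                                 # blank or malformed line
        FILENAME == ARGV[1] { server[$NF] = $2; next }  # index server keys by type
        host != "" && !names_host($3) { next }          # entry for another host
        {
            if (!($NF in server))       verdict = "NO-SERVER-KEY"
            else if (server[$NF] == $2) verdict = "MATCH"
            else                      { verdict = "MISMATCH"; bad = 1 }
            print verdict, $NF, $3, $2
        }
        END { exit bad + 0 }
    ' "$server_listing" "$local_listing"
}

# Constructed sample: the page's listing on the server side; on the local side
# the RSA fingerprint is replaced by a made-up value and a second host is added.
demo() {
    local dir status=0
    dir=$(mktemp -d)
    cat > "$dir/server.txt" <<'EOF'
256 SHA256:rk8GxMsKnFLTXd1VW57up4wQqqn5qbfDaIeO27ks3jv 192.168.1.70 (ED25519)
2048 SHA256:sihm43JhFtQ+p1XTUpsQfzt2v2ViJcEwGZpDf8Pslb5 192.168.1.70 (RSA)
EOF
    cat > "$dir/local.txt" <<'EOF'
256 SHA256:rk8GxMsKnFLTXd1VW57up4wQqqn5qbfDaIeO27ks3jv 192.168.1.70 (ED25519)
2048 SHA256:CONSTRUCTEDmismatchCONSTRUCTEDmismatch00000 192.168.1.70 (RSA)
256 SHA256:CONSTRUCTEDotherhostCONSTRUCTEDotherhost000 192.168.1.99 (ED25519)
EOF
    compare_fingerprints "$dir/local.txt" "$dir/server.txt" 192.168.1.70 || status=$?
    rm -rf "$dir"
    return "$status"
}

# With two file arguments compare real listings; otherwise run the demo.
if [ "$#" -ge 2 ]; then compare_fingerprints "$@"; else demo || true; fi
```

The comparison is only meaningful if the server-side listing was collected over a channel you already trust, such as the machine's console, rather than over the SSH connection being verified.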