SSH - verify local and server key fingerprints (Windows - Linux connection verification)
In this short article, we show how to verify that the SSH keys used locally match the keys stored on the Linux server, using ssh-keygen under Bash.
Note: the examples below use the SHA-256 algorithm by default; to change it, add the -E md5 or -E sha1 parameter.
Simple steps:
- run the following command locally on your PC (Windows):
  ssh-keygen.exe -l -f ~/.ssh/known_hosts
  # or: ssh-keygen.exe -l -f /c/Users/my_user_directory/.ssh/known_hosts
Example output:
  256 SHA256:rk8GxMsKnFLTXd1VW57up4wQqqn5qbfDaIeO27ks3jv 192.168.1.70 (ED25519)
  2048 SHA256:sihm43JhFtQ+p1XTUpsQfzt2v2ViJcEwGZpDf8Pslb5 192.168.1.70 (RSA)
  256 SHA256:nwbsQERIVVgN3p2Rp+KF+SxLnECe+3bcDCsQvLwf/Ih 192.168.1.70 (ECDSA)
- run the following commands on your server (Linux):
  ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub
  ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
  ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub
Example outputs:
  256 SHA256:rk8GxMsKnFLTXd1VW57up4wQqqn5qbfDaIeO27ks3jv 192.168.1.70 (ED25519)
  2048 SHA256:sihm43JhFtQ+p1XTUpsQfzt2v2ViJcEwGZpDf8Pslb5 192.168.1.70 (RSA)
  256 SHA256:nwbsQERIVVgN3p2Rp+KF+SxLnECe+3bcDCsQvLwf/Ih 192.168.1.70 (ECDSA)
- compare SHA256 fingerprints.
If the fingerprints differ, that indicates a security issue, and you should check whether a man-in-the-middle attack is taking place.
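The comparison in the last step can be scripted so that a differing character is not missed by eye. The following is an added example, not part of the original article: `compare_fingerprints` and `demo` are hypothetical helper names, and the sample listings are constructed. It assumes the known_hosts entries are not hashed, so the host name or IP appears in the third column.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: automates the comparison step.
# Input lines are `ssh-keygen -l` output: <bits> <fingerprint> <comment> (<TYPE>)

# compare_fingerprints HOST LOCAL_LISTING SERVER_LISTING
# Prints OK / MISMATCH / MISSING for each key in the server listing and
# returns 0 only when every server key has the same fingerprint locally.
compare_fingerprints() {
    awk -v host="$1" '
        NF < 4 { next }                      # skip blank or truncated lines
        # First file: known_hosts listing; keep entries whose host list has HOST.
        FILENAME == ARGV[1] {
            n = split($3, names, ",")        # known_hosts may store "name,ip"
            for (i = 1; i <= n; i++) if (names[i] == host) known[$NF] = $2
            next
        }
        # Second file: listing taken on the server, matched by "(TYPE)".
        { seen = 1 }
        !($NF in known)  { print "MISSING  " $NF; bad = 1; next }
        known[$NF] != $2 { print "MISMATCH " $NF; bad = 1; next }
                         { print "OK       " $NF }
        END { if (bad || !seen) exit 1 }     # empty server listing also fails
    ' "$2" "$3"
}

# Constructed sample listings: the host and matching fingerprints reuse the
# article's example values; the server ECDSA fingerprint is made up to differ.
demo() {
    local dir rc=0
    dir=$(mktemp -d)
    cat > "$dir/local.txt" <<'EOF'
256 SHA256:rk8GxMsKnFLTXd1VW57up4wQqqn5qbfDaIeO27ks3jv 192.168.1.70 (ED25519)
2048 SHA256:sihm43JhFtQ+p1XTUpsQfzt2v2ViJcEwGZpDf8Pslb5 192.168.1.70 (RSA)
256 SHA256:nwbsQERIVVgN3p2Rp+KF+SxLnECe+3bcDCsQvLwf/Ih 192.168.1.70 (ECDSA)
EOF
    cat > "$dir/server.txt" <<'EOF'
256 SHA256:rk8GxMsKnFLTXd1VW57up4wQqqn5qbfDaIeO27ks3jv root@server (ED25519)
2048 SHA256:sihm43JhFtQ+p1XTUpsQfzt2v2ViJcEwGZpDf8Pslb5 root@server (RSA)
256 SHA256:CONSTRUCTEDxDIFFERENTxFINGERPRINTxFORxDEMOx0000 root@server (ECDSA)
EOF
    compare_fingerprints 192.168.1.70 "$dir/local.txt" "$dir/server.txt" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "fingerprints differ: verify the server before trusting the connection"
```

On a real system, redirect the output of the commands from the steps above into two files and pass them to `compare_fingerprints` together with the server's address as it appears in known_hosts.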