Differences

This shows you the differences between the selected revisions of the page.

faq_hostkey 2019-06-20 faq_hostkey 2024-09-10 (current)
Line 21: Line 21:
You can also have the fingerprint displayed in an %%SSH%% terminal using ''[[https://man.openbsd.org/ssh-keygen|ssh-keygen]]'' command (on *nix servers that use OpenSSH server). For example: You can also have the fingerprint displayed in an %%SSH%% terminal using ''[[https://man.openbsd.org/ssh-keygen|ssh-keygen]]'' command (on *nix servers that use OpenSSH server). For example:
-<code> +<code bash
-ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key+ssh-keygen -l -f /etc/<nohilite>ssh</nohilite>/ssh_host_rsa_key
</code> </code>
To display all available host keys, you can use: To display all available host keys, you can use:
-<code bash>for f in /etc/ssh/ssh_host_*_key; do ssh-keygen -l -f "$f"; done</code>+<code bash>for f in /etc/<nohilite>ssh</nohilite>/ssh_host_*_key; do ssh-keygen -l -f "$f"; done</code>
OpenSSH 6.8 and newer shows SHA-256 fingerprint by default. Older versions use MD5 fingerprint. OpenSSH 6.8 and newer shows SHA-256 fingerprint by default. Older versions use MD5 fingerprint.
Line 45: Line 45:
In exceptional situations, when security is not required, such as when connecting within a trusted private network, you can use ''-hostkey=*'' or ''[[library_sessionoptions#giveupsecurityandacceptanysshhostkey|SessionOptions.GiveUpSecurityAndAcceptAnySshHostKey]]'' to blindly accept any host key. In exceptional situations, when security is not required, such as when connecting within a trusted private network, you can use ''-hostkey=*'' or ''[[library_sessionoptions#giveupsecurityandacceptanysshhostkey|SessionOptions.GiveUpSecurityAndAcceptAnySshHostKey]]'' to blindly accept any host key.
-If you want to allow a user to manually verify the host key, use the ''[[library_session_scanfingerprint|Session.ScanFingerprint]]'' method to retrieve the key fingerprint. Then let the user to verify it and assign the verified value to the ''SessionOptions.SshHostKeyFingerprint'' property.+If you want to allow a user to manually verify the host key, use the ''[[library_session_scanfingerprint|Session.ScanFingerprint]]'' method to retrieve the key fingerprint. Then let the user to verify it and assign the verified value to the ''SessionOptions.SshHostKeyFingerprint'' property. For an example of an implementation see [[library_example_known_hosts|*]].

Last modified: by martin