Differences
faq_hostkey 2021-05-20 | faq_hostkey 2024-09-10 (current) | ||
Line 21: | Line 21: | ||
You can also have the fingerprint displayed in an %%SSH%% terminal using ''[[https://man.openbsd.org/ssh-keygen|ssh-keygen]]'' command (on *nix servers that use OpenSSH server). For example: | You can also have the fingerprint displayed in an %%SSH%% terminal using ''[[https://man.openbsd.org/ssh-keygen|ssh-keygen]]'' command (on *nix servers that use OpenSSH server). For example: | ||
- | <code> | + | <code bash> |
- | ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key | + | ssh-keygen -l -f /etc/<nohilite>ssh</nohilite>/ssh_host_rsa_key |
</code> | </code> | ||
To display all available host keys, you can use: | To display all available host keys, you can use: | ||
- | <code bash>for f in /etc/ssh/ssh_host_*_key; do ssh-keygen -l -f "$f"; done</code> | + | <code bash>for f in /etc/<nohilite>ssh</nohilite>/ssh_host_*_key; do ssh-keygen -l -f "$f"; done</code> |
OpenSSH 6.8 and newer shows SHA-256 fingerprint by default. Older versions use MD5 fingerprint. | OpenSSH 6.8 and newer shows SHA-256 fingerprint by default. Older versions use MD5 fingerprint. | ||
- | -----BEGIN SSH HOST KEY KEYS----- | + | ===== Host key of your virtual server ===== |
- | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKL8MDSo7u3qQgoTSyDrVEGAvnjDg6tIruQ4v81TNiFNK/3e97HDygbJuEHooA+jjyeqdkTOISu2GWjtm7BucS4= root@mariadb-103 | + | |
- | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFnage2tdOu7uMCZkF79ntKBfi56ndWbYjfEHtPrQKsc root@mariadb-103 | + | A special case is getting host key of a server, that you are an administrator of yourself, yet you do not have a direct secure line to connect through. This is common for virtual servers or servers in a cloud. In such case a server provider should have a specific solution. For example a specialized server in the same private network as your server, with publicly known host keys. You can connect to this specialized server and from it, securely connect to your server (e.g. using %%SSH%% terminal). As you are connecting within private network, you can safely trust any host key. Once connected to your server, acquire its host key. With that you can finally connect directly yet securely over a public network. Alternatively, the server provider can provide the host key via some administrative interface. For example see a solution for [[guide_amazon_ec2|Amazon EC2]], [[guide_google_compute_engine|Google Compute Engine]] or [[guide_microsoft_azure#linux|Microsoft Azure]]. |
- | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9h+IZ6w8HVq93GrtRbeo9ixXY+Cwj+ZwF0cae/2aJl2IHEuwWZpwbSBEU2PIytzU+Pyjli/Z6nDb5K7n3SkgxwV9YKXFY225K6XVfdTLo/IkMtrso4uTp10hBJcCojWARmzqEigGo3dl8fXI82//41rI75GBGgGDxnRurc9wAqKd6DCkUUdRyjKQBOFREjqzInMs8T03kNV8lxfZxKdcUEOlD/lspvPbinT5j8ko04kD2j9r5gNNrYM77q9+tvFyC97sHpeY7f54cGntgbGSkyN0hBYR9IALPr5uaIOgP1kBsJKmvlOGjGZHEQzH8I7ghIuhIwQW5+POF9NMU6t5d root@mariadb-103 | + | |
- | -----END SSH HOST KEY KEYS----- | + | |
===== [[automation]] Automatic host key verification ===== | ===== [[automation]] Automatic host key verification ===== |
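Review bot: In the added "Host key of your virtual server" paragraph, the sentence "As you are connecting within private network, you can safely trust any host key" leaves out the condition it depends on. It holds only when the provider isolates that private network so that no other party on it can answer in place of your server. Suggest stating it as an assumption, for example "Provided the provider isolates the private network, you can accept the host key presented on this hop". In the same paragraph, "a server, that you are an administrator of yourself" and "In such case" would read better as "a server that you administer yourself" and "In such a case". The removed lines (the BEGIN/END SSH HOST KEY KEYS block for root@mariadb-103) carry no explanatory text in the old revision, so dropping them looks right.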