faq_hostkey » Revisions »
Differences
This shows you the differences between the selected revisions of the page.
| 2015-07-06 | 2015-12-07 | ||
| typo (martin) | subtitles (martin) | ||
| Line 1: | Line 1: | ||
| ====== Where do I get SSH host key fingerprint to authorize the server? ====== | ====== Where do I get SSH host key fingerprint to authorize the server? ====== | ||
| + | ===== Host key fingerprint is an integral part of session information ===== | ||
| You should get an SSH host key fingerprint along with your credentials from a server administrator. Knowing the host key fingerprint and thus [[ssh_verifying_the_host_key|being able to verify it]] is an integral part of securing an SSH connection. It prevents [[wp>Man-in-the-middle_attack|man-in-the-middle attacks]]. | You should get an SSH host key fingerprint along with your credentials from a server administrator. Knowing the host key fingerprint and thus [[ssh_verifying_the_host_key|being able to verify it]] is an integral part of securing an SSH connection. It prevents [[wp>Man-in-the-middle_attack|man-in-the-middle attacks]]. | ||
| + | |||
| + | ===== Safely obtaining host key ===== | ||
| In the real world, most administrators do not provide the host key fingerprint. | In the real world, most administrators do not provide the host key fingerprint. | ||
| Line 9: | Line 12: | ||
| Once connected, go to a //[[ui_fsinfo|Server and Protocol Information Dialog]]//. See a //Server Host key Fingerprint// box. | Once connected, go to a //[[ui_fsinfo|Server and Protocol Information Dialog]]//. See a //Server Host key Fingerprint// box. | ||
| + | |||
| + | ===== Host key of your virtual server ===== | ||
| A special case is getting host key of a server, that you are an administrator of yourself, yet you do not have a direct secure line to connect through. This is common for virtual servers or servers in a cloud. In such case a server provider should have a specific solution. For example a specialized server in the same private network as your server, with publicly known host keys. You can connect to this specialized server and from it, securely connect to your server (e.g. using %%SSH%% terminal). As you are connecting within private network, you can safely trust any host key. Once connected to your server, acquire its host key. With that you can finally connect directly yet securely over a public network. Alternatively, the server provider can provide the host key via some administrative interface. For example see a solution for [[guide_amazon_ec2|Amazon EC2]], [[guide_google_compute_engine|Google Compute Engine]] or [[guide_microsoft_azure#linux|Microsoft Azure]]. | A special case is getting host key of a server, that you are an administrator of yourself, yet you do not have a direct secure line to connect through. This is common for virtual servers or servers in a cloud. In such case a server provider should have a specific solution. For example a specialized server in the same private network as your server, with publicly known host keys. You can connect to this specialized server and from it, securely connect to your server (e.g. using %%SSH%% terminal). As you are connecting within private network, you can safely trust any host key. Once connected to your server, acquire its host key. With that you can finally connect directly yet securely over a public network. Alternatively, the server provider can provide the host key via some administrative interface. For example see a solution for [[guide_amazon_ec2|Amazon EC2]], [[guide_google_compute_engine|Google Compute Engine]] or [[guide_microsoft_azure#linux|Microsoft Azure]]. | ||
| + | |||