faq_hostkey » Revisions »
Differences
This shows you the differences between the selected revisions of the page.
faq_hostkey 2019-06-04 | faq_hostkey 2023-07-03 (current) | ||
Line 27: | Line 27: | ||
To display all available host keys, you can use: | To display all available host keys, you can use: | ||
- | <code bash>for f in /etc/ssh/ssh_host_*_key; do ssh-keygen -l -f "$f"; done</code> | + | <code bash>for f in /etc/<nohilite>ssh</nohilite>/ssh_host_*_key; do ssh-keygen -l -f "$f"; done</code> |
OpenSSH 6.8 and newer shows SHA-256 fingerprint by default. Older versions use MD5 fingerprint. | OpenSSH 6.8 and newer shows SHA-256 fingerprint by default. Older versions use MD5 fingerprint. | ||
Line 45: | Line 45: | ||
In exceptional situations, when security is not required, such as when connecting within a trusted private network, you can use ''-hostkey=*'' or ''[[library_sessionoptions#giveupsecurityandacceptanysshhostkey|SessionOptions.GiveUpSecurityAndAcceptAnySshHostKey]]'' to blindly accept any host key. | In exceptional situations, when security is not required, such as when connecting within a trusted private network, you can use ''-hostkey=*'' or ''[[library_sessionoptions#giveupsecurityandacceptanysshhostkey|SessionOptions.GiveUpSecurityAndAcceptAnySshHostKey]]'' to blindly accept any host key. | ||
- | If you want to allow a user to manually verify the host key, use the ''[[library_session_scanfingerprint|Session.ScanFingerprint]]'' method to retrieve the key fingerprint. Then let the user to verify it and assign the verified value to the ''SessionOptions.SshHostKeyFingerprint'' property. | + | If you want to allow a user to manually verify the host key, use the ''[[library_session_scanfingerprint|Session.ScanFingerprint]]'' method to retrieve the key fingerprint. Then let the user to verify it and assign the verified value to the ''SessionOptions.SshHostKeyFingerprint'' property. For an example of an implementation see [[library_example_known_hosts|*]]. |