Differences

This shows you the differences between the selected revisions of the page.

2014-07-21 2014-07-21
limit acronym recognition (martin) be more definitive about security on private network (martin)
Line 20: Line 20:
  * Host key fingerprint: On the first connect you will be prompted to [[ssh_verifying_the_host_key|verify server host key]].   * Host key fingerprint: On the first connect you will be prompted to [[ssh_verifying_the_host_key|verify server host key]].
    * You can locate key fingerprint in server's initial start log, when host keys are generated.((Using ''cloud-init'' script.)) Use //Actions > Get System Log// command on //Instances// page of Amazon EC2 console: \\ \\ &screenshotpict(ec2_hostkey) \\ \\ Alternatively use ''[[http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-GetConsoleOutput.html|ec2-get-console-output]]'' command-line tool. \\ Look for RSA (or DSA) key fingerprint. WinSCP does not support ECDSA keys.     * You can locate key fingerprint in server's initial start log, when host keys are generated.((Using ''cloud-init'' script.)) Use //Actions > Get System Log// command on //Instances// page of Amazon EC2 console: \\ \\ &screenshotpict(ec2_hostkey) \\ \\ Alternatively use ''[[http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-GetConsoleOutput.html|ec2-get-console-output]]'' command-line tool. \\ Look for RSA (or DSA) key fingerprint. WinSCP does not support ECDSA keys.
-    * If you did not save the fingerprint on the first instance run, but you have another EC2 instance that you can connect to safely (you know its fingerprints), you can connect to the target instance using private IP from the trusted instance. Staying within private Amazon network should keep you safe from [[wp>Man-in-the-middle_attack|man-in-the-middle attacks]]. When on the trusted instance terminal, you can use following commands to collect fingerprints: \\ <code>+    * If you did not save the fingerprint on the first instance run, but you have another EC2 instance that you can connect to safely (you know its fingerprints), you can connect to the target instance using private IP from the trusted instance. Staying within private Amazon network keeps you safe from [[wp>Man-in-the-middle_attack|man-in-the-middle attacks]]. When on the trusted instance terminal, you can use following commands to collect fingerprints: \\ <code>
$ ssh-keyscan <target_instance_private_ip> > ec2key $ ssh-keyscan <target_instance_private_ip> > ec2key
$ ssh-keygen -l -f ec2key $ ssh-keygen -l -f ec2key
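Review bot: On the changed sentence, "keeps you safe from man-in-the-middle attacks" turns the earlier expectation ("should keep you safe") into a guarantee, and nothing in the surrounding text supports the stronger claim. The fingerprints collected this way are only as trustworthy as the trusted instance and the path between the two private IPs. I would either keep "should" or state that assumption explicitly, for example "as long as both instances are in the same private network and the trusted instance has not been compromised". Separately, the item above tells readers to look for the RSA (or DSA) fingerprint and notes that WinSCP does not support ECDSA keys, so consider `ssh-keyscan -t rsa <target_instance_private_ip> > ec2key` so that the `ssh-keygen -l -f ec2key` output lists only a key type the reader can actually compare.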

Last modified: by martin