I have been trying to figure out for a while how to determine the fingerprint of a server. I knew that doing `ssh-keygen -l -f id_rsa.pub` would yield a fingerprint, but I couldn’t figure out where the fingerprint was kept on a server. I don’t know why this was so hard for me to figure out. No amount of googling seemed to be helping me. But after simply doing a `man ssh` on the server, and then searching for the first appearance of “fingerprint” I found this:
When connecting to a server for the first time, a fingerprint of the server’s public key is presented to the user (unless the option StrictHostKeyChecking has been disabled). Fingerprints can be determined using ssh-keygen(1):
    $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key

If the fingerprint is already known, it can be matched and verified, and the key can be accepted. If the fingerprint is unknown, an alternative method of verification is available: SSH fingerprints verified by DNS. An additional resource record (RR), SSHFP, is added to a zonefile and the connecting client is able to match the fingerprint with that of the key presented.
*Note* that the file is different on a Mac, but doing the same man lookup will tell you where it is. Sorry if most of you already knew this.
Happy ssh’ng
-Brian
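What `ssh-keygen -l` computes from a host public key, and the SSHFP record the man page excerpt mentions, shown as an added Python example that is not part of the original post or of OpenSSH. The sample key is constructed in code, and the function names and `host.example.` are assumptions.

```python
import base64, hashlib, struct

# SSHFP algorithm numbers from RFC 4255, RFC 6594 and RFC 7479.
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}

def parse_pubkey(line):
    """Return (key_type, blob) from a public key line: 'type base64 [comment]'."""
    fields = line.split()
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; reject a mismatch.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return key_type, blob

def fingerprint_sha256(blob):
    """Unpadded base64 of SHA-256 over the blob, the format current ssh-keygen -l prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def fingerprint_md5(blob):
    """Legacy colon-separated hex form (ssh-keygen -l -E md5)."""
    h = hashlib.md5(blob).hexdigest()
    return "MD5:" + ":".join(h[i:i + 2] for i in range(0, 32, 2))

def sshfp_record(hostname, line):
    """Zone file line for an SSHFP RR with fingerprint type 2 (SHA-256)."""
    key_type, blob = parse_pubkey(line)
    return f"{hostname} IN SSHFP {SSHFP_ALGO[key_type]} 2 {hashlib.sha256(blob).hexdigest()}"

def matches(line, expected):
    """Check a presented key against a fingerprint obtained out of band."""
    _, blob = parse_pubkey(line)
    fp = fingerprint_md5(blob) if expected.startswith("MD5:") else fingerprint_sha256(blob)
    return fp == expected

def constructed_key(seed):
    """Constructed sample: ssh-ed25519 wire format with 32 derived bytes, not a real host key."""
    kt, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(kt)) + kt + struct.pack(">I", len(key)) + key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    server = constructed_key(b"server")
    known = fingerprint_sha256(parse_pubkey(server)[1])   # recorded on the server's console
    print(known)
    print(sshfp_record("host.example.", server))
    print("same key:", matches(server, known))
    print("different key:", matches(constructed_key(b"other"), known))
```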