# HG changeset patch # User Oleksandr Gavenko # Date 1656841757 -10800 # Node ID 1f827ee55f7caad57a35267d836b428cb52f49eb # Parent a222347b6993a1ec31942f33f32efee0fc469200 list fingerprints of the server pub keys diff -r a222347b6993 -r 1f827ee55f7c ssh.rst --- a/ssh.rst Fri Jun 17 21:48:15 2022 +0300 +++ b/ssh.rst Sun Jul 03 12:49:17 2022 +0300 @@ -36,6 +36,7 @@ Show fingerprint:: ssh-keygen -l -f ~/.ssh/id_dsa + ssh-keygen -E md5 -l -f ~/.ssh/id_dsa Change passphrase of priv key:: @@ -52,8 +53,30 @@ $ ssh-copy-id $user@$host # alternative to previous command -To remove ``known_hosts`` key (usually need if you change server pubkey or -change server):: + +Dealing with server pubkeys +=========================== + +Each SSH server keeps a single priv key, sharing a common pub key with all clients. It is an +identity of the server and upon a new connection you are asked to trust this pub key. After +accepting the pub key it is written to ``~/.ssh/known_hosts``. + +To list advertized pub keys by a server (``-H`` is host hashing/hiding host name):: + + ssh-keyscan $HOST + ssh-keyscan -H $HOST + +To list fingerprints of the server pub keys:: + + ssh-keygen -lf <(ssh-keyscan $HOST 2>/dev/null) + +To ensure MD5 output format (which is usually displayed with vast majority of existing SSH +clients):: + + ssh-keygen -E md5 -lf <(ssh-keyscan $HOST 2>/dev/null) + +To remove ``known_hosts`` key (it is usually needed if you change a server pubkey or change a +server):: $ ssh-keygen -R hostname $ ssh-keygen -R hostname -f ~/.ssh/known_hosts @@ -64,8 +87,8 @@ ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@host -Shell login. -============ +Shell login +=========== :: $ ssh $user@$host
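Review bot: in the "Show fingerprint" hunk, the added `ssh-keygen -E md5 -l -f ~/.ssh/id_dsa` sits next to the plain `-l` form with nothing to say how the two differ. Suggest one sentence noting that the plain form prints the fingerprint in the tool's default hash (SHA256 in OpenSSH 6.8 and later) while `-E md5` forces the older colon-separated MD5 form, so a reader does not take the two outputs for two different keys.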
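Review bot: in the "Dealing with server pubkeys" hunk, the recipes `ssh-keygen -lf <(ssh-keyscan $HOST 2>/dev/null)` and its `-E md5` variant fetch the keys over the same unauthenticated network path the user is trying to verify, and the text does not say so. A fingerprint obtained this way shows only what the network presents right now. Suggest adding that it has to be compared with a fingerprint obtained out of band, for example by running `ssh-keygen -lf` on the host key `.pub` file at the server console, before the key is accepted into ``~/.ssh/known_hosts``. Three smaller points in the same hunk: "Each SSH server keeps a single priv key" conflicts with the next paragraph's plural "pub keys", since a server normally holds one host key per algorithm; the claim that MD5 is what the vast majority of clients display is dated now that OpenSSH defaults to SHA256 fingerprints; and the `<( ... )` process substitution needs bash or zsh, which is worth a word for readers on a plain POSIX sh. "advertized" should read "advertised".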