Mercurial > tips
changeset 2538:1f827ee55f7c default tip
list fingerprints of the server pub keys
author | Oleksandr Gavenko <gavenkoa@gmail.com> |
---|---|
date | Sun, 03 Jul 2022 12:49:17 +0300 |
parents | a222347b6993 |
children | |
files | ssh.rst |
diffstat | 1 files changed, 27 insertions(+), 4 deletions(-) |
--- a/ssh.rst Fri Jun 17 21:48:15 2022 +0300 +++ b/ssh.rst Sun Jul 03 12:49:17 2022 +0300 @@ -36,6 +36,7 @@ Show fingerprint:: ssh-keygen -l -f ~/.ssh/id_dsa + ssh-keygen -E md5 -l -f ~/.ssh/id_dsa Change passphrase of priv key:: @@ -52,8 +53,30 @@ $ ssh-copy-id $user@$host # alternative to previous command -To remove ``known_hosts`` key (usually need if you change server pubkey or -change server):: + +Dealing with server pubkeys +=========================== + +Each SSH server keeps a single priv key, sharing a common pub key with all clients. It is an +identity of the server and upon a new connection you are asked to trust this pub key. After +accepting the pub key it is written to ``~/.ssh/known_hosts``. + +To list advertized pub keys by a server (``-H`` is host hashing/hiding host name):: + + ssh-keyscan $HOST + ssh-keyscan -H $HOST + +To list fingerprints of the server pub keys:: + + ssh-keygen -lf <(ssh-keyscan $HOST 2>/dev/null) + +To ensure MD5 output format (which is usually displayed with vast majority of existing SSH +clients):: + + ssh-keygen -E md5 -lf <(ssh-keyscan $HOST 2>/dev/null) + +To remove ``known_hosts`` key (it is usually needed if you change a server pubkey or change a +server):: $ ssh-keygen -R hostname $ ssh-keygen -R hostname -f ~/.ssh/known_hosts @@ -64,8 +87,8 @@ ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@host -Shell login. -============ +Shell login +=========== :: $ ssh $user@$host
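Review bot: In the first hunk (@@ -36,6 +36,7), the added `ssh-keygen -E md5 -l -f ~/.ssh/id_dsa` line sits under "Show fingerprint::" with nothing explaining how it differs from the line above it. The reason appears only in the second hunk ("To ensure MD5 output format ..."), so a reader of this section sees two near-identical commands. Suggest one sentence before the literal block saying that `-E md5` forces the MD5 fingerprint format for comparison with clients that display it, and that the plain `-l` form prints the default format.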
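Review bot: In the second hunk (@@ -52,8 +53,30), the new "Dealing with server pubkeys" section says the user is "asked to trust this pub key" and then shows how to fetch fingerprints with `ssh-keyscan $HOST`, but never says what to compare them against. A fingerprint fetched over the same network path as the connection itself confirms nothing on its own, so add a sentence telling the reader to check the output against a fingerprint obtained from the server's administrator or console. Smaller points in the same hunk: "Each SSH server keeps a single priv key" conflicts with the plural "advertized pub keys" and "server pub keys" a few lines below (a server typically has one host key per key algorithm, and the spelling should be "advertised"); the `<(...)` commands need a shell with process substitution, which is worth stating; and the new commands drop the `$ ` prompt and use `$HOST` where the neighbouring lines use `$ ssh-keygen -R hostname` and `$user@$host`.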