Obtain and verify your SSH key fingerprint

Source: Internet
Author: User

Sometimes you find that a machine's SSH host key has changed when you log on to it. This can be caused by a man-in-the-middle attack, but more often the host was rebuilt and a new SSH key was generated (so when you rebuild a server, get into the habit of saving and restoring its SSH key).

So how should I check the fingerprint?

You can directly obtain the public key from the remote server through the network:

 


ssh-keyscan -p 22 -t rsa,dsa remote_host > /tmp/ssh_host_rsa_dsa_key.pub

Then you can use this file to generate a fingerprint:


ssh-keygen -l -f /tmp/ssh_host_rsa_dsa_key.pub

However, if the key changed for some other reason and you want to find out why, the network approach is not enough. Log on to the real machine by another route (such as the management console or a KVM console), and then generate a fingerprint there:


ssh-keygen -lf /etc/ssh/ssh_host_dsa_key

ssh-keygen -lf /etc/ssh/ssh_host_rsa_key

Then, compare it with your fingerprint obtained through the network. If they match, everything is fine. If they do not match, you may be in trouble.
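The comparison above can also be done offline. The following Python is an added example, not part of the original article: it recomputes the fingerprint from a public key line, in the SHA256 form of current OpenSSH and the MD5 colon-hex form of older releases, and checks the network-scanned key against the one read at the console. The sample keys are constructed (not real host keys) and all function names are this example's own.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed field of the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data

def key_blob(line: str) -> bytes:
    """Decode the key from a ssh-keyscan line ("host type base64") or a
    public key file line ("type base64 [comment]")."""
    fields = line.split()
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # A genuine blob begins with its own key type; require the label to agree.
        if blob.startswith(_ssh_string(key_type.encode())):
            return blob
    raise ValueError("no usable public key in line")

def fingerprints(line: str) -> dict:
    """SHA256 (current OpenSSH) and MD5 (older releases) fingerprints of the key."""
    blob = key_blob(line)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    pairs = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    return {"sha256": "SHA256:" + sha, "md5": "MD5:" + pairs}

def same_host_key(scanned_line: str, console_line: str) -> bool:
    """True when the key seen over the network is the key read at the console."""
    return fingerprints(scanned_line) == fingerprints(console_line)

def _constructed_rsa(modulus: bytes) -> str:
    """Build a constructed (not real) ssh-rsa key line: type, exponent, modulus."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode()

# Constructed sample input: one console key line and two ssh-keyscan lines.
CONSOLE = _constructed_rsa(b"\x00" + b"\xc3" * 256) + " root@server"
SCAN_OK = "remote_host " + _constructed_rsa(b"\x00" + b"\xc3" * 256)
SCAN_REPLACED = "remote_host " + _constructed_rsa(b"\x00" + b"\xd5" * 256)

if __name__ == "__main__":
    for scan in (SCAN_OK, SCAN_REPLACED):
        print(fingerprints(scan)["sha256"],
              "match" if same_host_key(scan, CONSOLE) else "MISMATCH")
```

When comparing by eye instead, make sure both sides show the same hash form; a SHA256 fingerprint and an MD5 fingerprint of the same key never look alike.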

If the fingerprints do not match, first watch the network for ARP traffic and see which hosts answer the ARP requests for that IP address. Watch the ARP traffic while pinging the address. If there are two hosts, they will compete with each other for the ARP entry, and you should be able to see two responses.

Once you know the Ethernet address of the mysterious host, you can track it down by following its ARP traffic through the router (or switch) interfaces.

Original article: http://administratosphere.wordpress.com/2011/05/28/getting-and-verifying-ssh-fingerprints/

 

[SSH key fingerprint]

To guard against man-in-the-middle attacks, when an administrator first connects to a host remotely over SSH, SSH shows the host key fingerprint and asks for it to be saved. The server administrator can send the key fingerprint to the client so that the authenticity of the server can be verified at the first login. On subsequent connections, the system verifies that the fingerprint matches the saved one. If the fingerprint does not match, SSH gives a warning that the key has changed.
