Get the SSH fingerprint of an SSH server

If you’ve ever tried to connected to a new server over SSH, you would’ve seen a message similar to the following:

# ssh iridium
The authenticity of host ‘[foo]’ can’t be established.
RSA key fingerprint is a2:b9:c5:d3:e5:fc:a6:b3:c7:da:e1:f0:ac:b9:c9:d5.
Are you sure you want to continue connecting (yes/no)?

Then you may have wondered, “Well, what *is* the fingerprint of my server supposed to be?”. Basically, in order to do the authentication of the host, you should run the command below (at SSH server install time, or over a “secure” channel) in order to get your hosts SSH fingerprint:

# ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
2048 a2:b9:c5:d3:e5:fc:a6:b3:c7:da:e1:f0:ac:b9:c9:d5 root@foo (RSA)

You should then be able to compare the two fingerprints to determine whether the server you’re connecting to is in fact the one you’re trying to connect to and isn’t some sort of honeypot.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.