ssh how to verify your host key / avoid MIM attacks

SSH helps keep us secure in many ways, one of those is the host-key fingerprint which is unique.  If you have been connecting to an SSH server that you've made no changes to and suddenly ssh warns that the key doesn't match then you have a problem.

But how about connecting to an existing server for the first time on a new machine or client?

A lot of new clients calculate it using an SHA256 hash but it is not as easy on your host machine to produce the same style hash without some hacking around.

The authenticity of host 'somehow (172.16.5.2)' can't be established.
RSA key fingerprint is SHA256:alalalalleieieieieiala.
Are you sure you want to continue connecting (yes/no)?

So we can get the MD5 hash by using this option:

ssh -o fingerprinthash=md5 user@host
The authenticity of host 'somehow (172.16.5.2)' can't be established.
RSA key fingerprint is MD5:aa:sldka;:ksdkjd::kala:kfdkls:1.
Are you sure you want to continue connecting (yes/no)?

 

How do we get the md5 hash on our host?

ssh-keygen -l -f /etc/ssh/ssh_host_key.pub
aa:sldka;:ksdkjd::kala:kfdkls:1 /etc/ssh/ssh_host_key.pub (RSA1)

 

On newer versions you will need to do it like this:

ssh-keygen -l -f /etc/ssh/ssh_host_key.pub -E md5


Tags:

ssh, verify, mim, attacksssh, fingerprint, connecting, server, ve, warns, doesn, existing, calculate, sha, hash, hacking, authenticity, established, rsa, alalalalleieieieieiala, md, fingerprinthash, user, aa, sldka, ksdkjd, kala, kfdkls, keygen, etc, ssh_host_key, pub, newer, versions,

Latest Articles

  • Linux tftp listens on all interfaces and IPs by DEFAULT Security Risk Hole Solution
  • python import docx error
  • Cisco Unified Communications Manager Express Cheatsheet CUCME CME
  • Linux Ubuntu Debian Missing privilege separation directory: /var/run/sshd
  • bash how to count the number of columns or words in a line
  • bash if statement how to test program output without assigning to variable
  • RTNETLINK answers: Network is unreachable
  • Centos 7 how to save iptables rules like Centos 6
  • nfs tuning maximum amount of connections
  • qemu-kvm error "Could not initialize SDL(No available video device) - exiting"
  • Centos 7 tftpd will not work with selinux enabled
  • Debian Ubuntu Mint Howto Create Bridge (br0)
  • How To Control Interface that dhcpd server listens to on Debian based Linux like Mint and Ubuntu
  • LUKS unable to type password to unlock during boot on Debian, Ubuntu and Mint
  • Debian Ubuntu and Linux Mint Broken Kernel After Date - New Extra Module Naming Convention
  • Wordpress overwrites and wipes out custom htaccess rules and changes soluton
  • Apache htaccess and mod_rewrite how to redirect and force all URLs and visitors to the SSL / HTTPS version
  • python 3 pip cannot install mysql module
  • QEMU-KVM won't boot Windows 2016 or 2019 server on an Intel Core i3
  • Virtualbox vbox not starting