ssh how to verify your host key / avoid MIM attacks

SSH helps keep us secure in many ways, one of those is the host-key fingerprint which is unique.  If you have been connecting to an SSH server that you've made no changes to and suddenly ssh warns that the key doesn't match then you have a problem.

But how about connecting to an existing server for the first time on a new machine or client?

A lot of new clients calculate it using an SHA256 hash but it is not as easy on your host machine to produce the same style hash without some hacking around.

The authenticity of host 'somehow (172.16.5.2)' can't be established.
RSA key fingerprint is SHA256:alalalalleieieieieiala.
Are you sure you want to continue connecting (yes/no)?

So we can get the MD5 hash by using this option:

ssh -o fingerprinthash=md5 user@host
The authenticity of host 'somehow (172.16.5.2)' can't be established.
RSA key fingerprint is MD5:aa:sldka;:ksdkjd::kala:kfdkls:1.
Are you sure you want to continue connecting (yes/no)?

 

How do we get the md5 hash on our host?

ssh-keygen -l -f /etc/ssh/ssh_host_key.pub
aa:sldka;:ksdkjd::kala:kfdkls:1 /etc/ssh/ssh_host_key.pub (RSA1)

 

On newer versions you will need to do it like this:

ssh-keygen -l -f /etc/ssh/ssh_host_key.pub -E md5


Tags:

ssh, verify, mim, attacksssh, fingerprint, connecting, server, ve, warns, doesn, existing, calculate, sha, hash, hacking, authenticity, established, rsa, alalalalleieieieieiala, md, fingerprinthash, user, aa, sldka, ksdkjd, kala, kfdkls, keygen, etc, ssh_host_key, pub, newer, versions,

Latest Articles

  • How To Add Windows 7 8 10 11 to GRUB Boot List Dual Booting
  • How to configure OpenDKIM on Linux with Postfix and setup bind zonefile
  • Debian Ubuntu 10/11/12 Linux how to get tftpd-hpa server setup tutorial
  • efibootmgr: option requires an argument -- 'd' efibootmgr version 15 grub-install.real: error: efibootmgr failed to register the boot entry: Operation not permitted.
  • Apache Error Won't start SSL Cert Issue Solution Unable to configure verify locations for client authentication SSL Library Error: 151441510 error:0906D066:PEM routines:PEM_read_bio:bad end line SSL Library Error: 185090057 error:0B084009:x509 certif
  • Linux Debian Mint Ubuntu Bridge br0 gets random IP
  • redis requirements
  • How to kill a docker swarm
  • docker swarm silly issues
  • isc-dhcp-server dhcpd how to get longer lease
  • nvidia cannot resume from sleep Comm: nvidia-sleep.sh Tainted: Linux Ubuntu Mint Debian
  • zfs and LUKS how to recover in Linux
  • [error] (28)No space left on device: Cannot create SSLMutex Apache Solution Linux CentOS Ubuntu Debian Mint
  • Save money on bandwidth by disabling reflective rpc queries in Linux CentOS RHEL Ubuntu Debian
  • How to access a disk with bad superblock Linux Ubuntu Debian Redhat CentOS ext3 ext4
  • ImageMagick error convert solution - convert-im6.q16: cache resources exhausted
  • PTY allocation request failed on channel 0 solution
  • docker error not supported as upperdir failed to start daemon: error initializing graphdriver: driver not supported
  • Migrated Linux Ubuntu Mint not starting services due to broken /var/run and dbus - Failed to connect to bus: No such file or directory solution
  • qemu-system-x86_64: Initialization of device ide-hd failed: Failed to get