ssh how to verify your host key / avoid MIM attacks

SSH helps keep us secure in many ways, one of those is the host-key fingerprint which is unique.  If you have been connecting to an SSH server that you've made no changes to and suddenly ssh warns that the key doesn't match then you have a problem.

But how about connecting to an existing server for the first time on a new machine or client?

A lot of new clients calculate it using an SHA256 hash but it is not as easy on your host machine to produce the same style hash without some hacking around.

The authenticity of host 'somehow (172.16.5.2)' can't be established.
RSA key fingerprint is SHA256:alalalalleieieieieiala.
Are you sure you want to continue connecting (yes/no)?

So we can get the MD5 hash by using this option:

ssh -o fingerprinthash=md5 user@host
The authenticity of host 'somehow (172.16.5.2)' can't be established.
RSA key fingerprint is MD5:aa:sldka;:ksdkjd::kala:kfdkls:1.
Are you sure you want to continue connecting (yes/no)?

 

How do we get the md5 hash on our host?

ssh-keygen -l -f /etc/ssh/ssh_host_key.pub
aa:sldka;:ksdkjd::kala:kfdkls:1 /etc/ssh/ssh_host_key.pub (RSA1)

 

On newer versions you will need to do it like this:

ssh-keygen -l -f /etc/ssh/ssh_host_key.pub -E md5


Tags:

ssh, verify, mim, attacksssh, fingerprint, connecting, server, ve, warns, doesn, existing, calculate, sha, hash, hacking, authenticity, established, rsa, alalalalleieieieieiala, md, fingerprinthash, user, aa, sldka, ksdkjd, kala, kfdkls, keygen, etc, ssh_host_key, pub, newer, versions,

Latest Articles

  • How to allow SSH root user access in Linux/Debian/Mint/RHEL/Ubuntu/CentOS
  • Ansible Tutorial - Playbook How To Install From Scratch and Deploy LAMP + Wordpress on Remote Server
  • Ceph Install Errors on Proxmox / How To Fix Solution
  • Proxmox Update Error https://enterprise.proxmox.com/debian/pve bullseye InRelease 401 Unauthorized [IP: 144.217.225.162 443]
  • QEMU/KVM How to Hot-add A Virtual Disk .raw/.qcow2 via QEMU Monitor Commands
  • Proxmox How To Enable Ceph Distributed Storage Cluster with OSD and Pools
  • pulseaudio issue on QEMU/KVM guest VM when microphone is replugged/unplugged pulseaudio: pa_threaded_mainloop_lock failed pulseaudio: Reason: Invalid argument
  • Ubuntu Linux Mint - Volume Control Stopped Working
  • Proxmox Services Won't Start Failed to start The Proxmox VE cluster filesystem. Proxmox VE firewall. PVE Status Daemon. Proxmox VE scheduler. PVE Cluster HA Resource Manager Daemon. PVE Local HA Resource Manager Daemon.
  • Proxmox Guide FAQ / Errors / Howto
  • Virtualbox Vbox Issue Cannot Enable Nested Virtualization Button is Grayed/Greyed Out and Unclickable HowTo Solution
  • Virtualbox VBOX Howto Port Forward To Guests
  • Linux Ubuntu Debian Centos Mint - How To Check if Intel VT-x or AMD-V Hardware Virtualization is Enabled?
  • Linux Howto Zip Multiple Files and Directories
  • Windows Cannot Format USB drive Device Media is Write Protected Error Solution
  • Linux Mint 20 cannot install snapd missing solution
  • Virtualbox VBOX How To Install Guest-Utils/GuestUtils so drag and drop and clipboard works Ubuntu Mint Debian Linux
  • How to install Kubernetes with microk8s and deploy apps on Debian/Mint/Ubuntu Linux
  • vi how to delete everything to the end of the line or the rest of the line from the cursor
  • Cisco Howto Configure Console Port/Terminal/Comm Server with Async Cable Setup