@jcaraballo
Last active October 29, 2016 23:16
SSH Cheatsheet

# Getting the fingerprints

The one associated with the server's ECDSA public key (the one that's normally shown when ssh-ing for the first time):

$ ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub

Or, if RSA is negotiated, the RSA public key:

$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

The one associated with the user's public key:

$ ssh-keygen -l -f ~/.ssh/id_rsa.pub

Apparently (http://superuser.com/questions/929566/sha256-ssh-fingerprint-given-by-the-client-but-only-md5-fingerprint-known-for-se) now there is a better format for the fingerprint to be shown. Unfortunately, your client and server might be showing different formats, which might make the verification harder. If your server shows it as MD5:XX:XX... (old format) and your client shows it as SHA256:xxxxxx, you might work around it by asking the client to show the fingerprint in the old format. I'm not sure how much of a good idea this is, as the new format is supposed to be more secure, but here you go:

$ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub

The server can be instructed to generate the fingerprint in one of the formats with -E:

$ ssh-keygen -l -E SHA256 -f /etc/ssh/ssh_host_ecdsa_key.pub
256 SHA256:BIugQ/e03jWiuu2HkztRaZkOLASOId7l18rGe/G2wgA root@mymachine (ECDSA)
$ ssh-keygen -l -E MD5 -f /etc/ssh/ssh_host_ecdsa_key.pub
256 MD5:28:24:fb:53:4f:bf:05:9b:b5:50:3b:8d:16:b5:3c:b8 root@mymachine (ECDSA)
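When one side only has an ssh-keygen that prints the other format, both fingerprints can be recomputed from the public key line itself. The script below is an added example, not part of the original gist: the function names are hypothetical, and it assumes `base64`, `md5sum` and `sha256sum` from coreutils.

```shell
#!/bin/sh
# Added example: recompute OpenSSH fingerprints from a public key line
# ("<type> <base64 blob> [comment]") and compare against a claimed value.

key_blob() {            # decode field 2 of the .pub line into the raw key blob
    awk 'NR == 1 { print $2 }' "$1" | base64 -d
}

hex_to_bin() {          # hex digest on stdin -> raw bytes on stdout
    hex=$(cat)
    while [ -n "$hex" ]; do
        rest=${hex#??}
        # Take the leading hex pair, convert to octal, emit it as one byte.
        printf "\\$(printf '%03o' "0x${hex%"$rest"}")"
        hex=$rest
    done
}

fp_md5() {              # old format: MD5 of the blob as colon-separated hex
    printf 'MD5:%s\n' "$(key_blob "$1" | md5sum | cut -d' ' -f1 |
        sed 's/../&:/g; s/:$//')"
}

fp_sha256() {           # new format: SHA-256 of the blob, base64, '=' stripped
    printf 'SHA256:%s\n' "$(key_blob "$1" | sha256sum | cut -d' ' -f1 |
        hex_to_bin | base64 | tr -d '=\n')"
}

fp_matches() {          # fp_matches <pubkey file> <claimed fingerprint>
    case $2 in
        MD5:*)    [ "$(fp_md5 "$1")" = "$2" ] ;;
        SHA256:*) [ "$(fp_sha256 "$1")" = "$2" ] ;;
        *)        [ "$(fp_md5 "$1")" = "MD5:$2" ] ;;  # bare xx:xx:... form
    esac
}

# Usage: script.sh /etc/ssh/ssh_host_ecdsa_key.pub 'SHA256:...'
if [ "$#" -eq 2 ]; then
    if fp_matches "$1" "$2"; then
        echo "match"
    else
        echo "MISMATCH"
        exit 1
    fi
fi
```
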