User Tools

Site Tools

Trace: ssl_fingerprint
ssl_fingerprint

This is an old revision of the document!

Public Fingerprint

Overview
Used for identification/verification of the host you are connecting to


Explanation

A public key is encoded into a sequence of bytes (hashed with SHA1/SHA2) - this can then be recreated when next connecting to the device to verify that the device is the same device you connected to before.

If the fingerprint has changed, it means the machine you are connecting to has had their public key changed.
This could be due to OS re-installs, re-installing ssh
However this could also mean that the machine you are connecting to is different. If you are sshing to a domain then the server behind the domain may have changed, or you could be targeted by a main-in-the-middle attack where the attacker somehow intercepts/reroutes your ssh connection to a different machine. They could be doing this to snoop your username and password combination.

A servers public key is stored: 

/etc/ssh/ssh_host_rsa_key.pub



The authenticity of host 'x.x.x.x (x.x.x.x)' can't be established.
RSA key fingerprint is 59:c7:8c:34:e7:97:c1:3z:e4:3a:13:e2:g6:39:7c:k9.
Are you sure you want to continue connecting (yes/no)?


Security Threats

- Man-in-the-middle Attack
- Preimage Attack
- Collision Attack

http://www.phcomp.co.uk/Tutorials/Unix-And-Linux/ssh-check-server-fingerprint.html
https://en.wikipedia.org/wiki/Public_key_fingerprint
http://www.lysium.de/blog/index.php?/archives/186-How-to-get-ssh-server-fingerprint-information.html

ssl_fingerprint.1462516986.txt.gz · Last modified: 2024/05/23 07:26 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki