
Ambrosia7177

macrumors 68020
Original poster
Feb 6, 2016
2,207
428
Been having a debate with some friends over how SSH fingerprints work, and am hoping someone can help me figure out the truth.

First of all, how is a fingerprint created? One thing I read said it is a representation of the public key on the server, but I thought it was derived from the server's environment too.

Secondly, I was told that the first time you use SSH, the fingerprint is still on the server, so you will always get an error stating that the server's IP is unknown. Then after you blindly say "yes", the fingerprint is transferred over SSH to your local computer and stored in a "known_hosts" file which is created at the time.

I have some more questions, but guess I need to understand how the above two things work first.

Thanks,


Larry
 
My OP may seem out of place, but one reason I posted here is because I have reason to believe OS-X Terminal has cached an old fingerprint which is not matching my server. I figured I should try to better understand how SSH and fingerprints work before blaming Terminal.
 
Yes, you have the right idea. The file in question is ~/.ssh/known_hosts. There is one host per line in the file. The first field is a comma-separated list of hosts associated with the key, the second field is the key type, the third field is the server's public key fingerprint. The first time you connect to a server, SSH remembers the key. The idea is after that if the key changes then something has gone 'wrong'. It could be that someone else is trying to trick you by getting you to connect to another server masquerading as the one you thought you were connecting to. Another possibility is that the admin of the original server did something to change the server's key. The 'ssh' utility can't tell the difference, so it will complain. You have to decide what to do about it. Either remove the host's previous key in your known_hosts file and use the new one or talk to the server's admin to figure out why the key changed.
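To make the known_hosts format and the "has the key changed?" decision concrete, here is an added example (not code from the thread or from OpenSSH). It builds a constructed ssh-ed25519 host key whose raw bytes are simply 0..31, writes two known_hosts lines for it (one plain, one with the hashed-hostname form that newer OpenSSH writes), parses them, and reproduces the three outcomes the reply describes: unknown host, matching key, and changed key. It also computes the SHA256 and MD5 fingerprints in the same layout as `ssh-keygen -lf`, which shows that a fingerprint is nothing more than a hash of the public key bytes, so the client can compute it locally from the key it receives. Hostnames, IPs and the salt are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(b: bytes) -> bytes:
    """Length-prefixed SSH string (RFC 4251 'string' type)."""
    return struct.pack(">I", len(b)) + b


def encode_key_field(key_type: str, raw_key: bytes) -> str:
    """Wire-format public key blob (type string + key string), base64 encoded
    exactly as it appears in the key field of a known_hosts line."""
    return base64.b64encode(_ssh_string(key_type.encode()) + _ssh_string(raw_key)).decode()


def fingerprint(key_b64: str, algo: str = "sha256") -> str:
    """Fingerprint of a base64 key field, in ssh-keygen -l style.
    Only the public key bytes go into the hash; nothing about the server
    environment is involved."""
    blob = base64.b64decode(key_b64)
    if algo == "sha256":
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    if algo == "md5":
        return "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    raise ValueError(f"unsupported fingerprint algorithm: {algo}")


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def parse_known_hosts(text: str) -> list:
    """Split each line into hosts field, key type and key; keeps @marker lines
    (e.g. @revoked, @cert-authority) but flags them so the check skips them."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) < 3:
            continue
        entries.append({"marker": marker, "hosts": fields[0], "type": fields[1], "key": fields[2]})
    return entries


def host_matches(hosts_field: str, hostname: str) -> bool:
    """True if hostname is in the comma-separated list or matches a hashed entry."""
    if hosts_field.startswith("|1|"):
        _, _, salt_b64, _ = hosts_field.split("|")
        return hash_hostname(hostname, base64.b64decode(salt_b64)) == hosts_field
    return hostname in hosts_field.split(",")


def check_host_key(known_hosts_text: str, hostname: str, key_type: str, presented_key_b64: str) -> str:
    """Simplified version of the client-side decision:
    'new'      - no entry for this host and key type (ssh asks you to confirm),
    'match'    - stored key equals the key the server just presented,
    'mismatch' - host is known but the key differs (ssh refuses and warns).
    The comparison is on the full key, not the fingerprint."""
    for entry in parse_known_hosts(known_hosts_text):
        if entry["marker"] or entry["type"] != key_type:
            continue
        if not host_matches(entry["hosts"], hostname):
            continue
        return "match" if entry["key"] == presented_key_b64 else "mismatch"
    return "new"


# Constructed sample data: a fake ed25519 host key (bytes 0..31) and a
# known_hosts file with a plain entry and a hashed entry for that key.
SAMPLE_KEY_B64 = encode_key_field("ssh-ed25519", bytes(range(32)))
SAMPLE_KNOWN_HOSTS = "\n".join([
    "example.test,192.0.2.10 ssh-ed25519 " + SAMPLE_KEY_B64,
    hash_hostname("hashed.test", b"\x01" * 20) + " ssh-ed25519 " + SAMPLE_KEY_B64,
])


if __name__ == "__main__":
    print("fingerprint:", fingerprint(SAMPLE_KEY_B64))
    print("unknown host:", check_host_key(SAMPLE_KNOWN_HOSTS, "unknown.test", "ssh-ed25519", SAMPLE_KEY_B64))
    print("same key:    ", check_host_key(SAMPLE_KNOWN_HOSTS, "example.test", "ssh-ed25519", SAMPLE_KEY_B64))
    changed = encode_key_field("ssh-ed25519", bytes(range(1, 33)))
    print("changed key: ", check_host_key(SAMPLE_KNOWN_HOSTS, "example.test", "ssh-ed25519", changed))
```

When `check_host_key` returns "mismatch", the right move is the one the reply gives: confirm with the server's admin whether the key was legitimately regenerated before removing the old line, because the client alone cannot tell a rotated key from a spoofed server.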
 

Is it correct that the fingerprint is created on the server?

And is it correct that it is based on just the public key?
 