-2

During the 1st SSH connection with a new Linux server (Ubuntu), I am presented with a key fingerprint in a format such as:

ECDSA key fingerprint is SHA256:Dvj5iH81LekYL2qA6VY1NkzXTB1TSkH+yc3kVclgGBc.
Are you sure you want to continue connecting (yes/no)? yes

When I then want to compare this fingerprint with the fingerprint I can generate myself, I use

ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub

Unfortunately, this outputs the fingerprint in a different format, such as:

256 b1:53:22:1c:71:5e:11:f1:6c:a0:97:78:42:17:1b:b0  root@Ubuntu-1404-trusty-64-minimal (ECDSA)

How do I make sure I get the same format in both cases, so I can compare easily?

TomDogg
  • 3,803
  • 5
  • 33
  • 60

2 Answers2

3

The answer of Jakuje will allow you to compare hashes, but it forces you to keep on using MD5 hashes for verification. MD5 has been shown vulnerable to collision attacks, making it a poor choice for fingerprint verification.

A more secure approach is to generate the SHA256 fingerprint on the server by hand. You can do this by typing:

awk '{print $2}' /etc/ssh/ssh_host_ecdsa_key.pub | base64 -d | sha256sum | awk '{print $1}' | xxd -r -p | base64 | rev | cut -c 2- | rev

Using this approach, you can verify the fingerprint while reaping the full benefits of using SHA256 fingerprints. I wrote a more extensive version of this answer on https://whatsecurity.nl/verifying_ssh_fingerprints_in_new_form.html.

WhatSecurity
  • 31
  • 2
1

This is recent change in openssh-6.8, because all we know that md5 is broken and we should start using something more recent. But the transition is not so smooth so you should be aware of the new option FingerprintHash. You can store in your ssh_config or just provide on command-line when you connect to the server:

ssh -o FingerprintHash=md5 server

You can't get SHA256 fingerprint of your server key, because the server has probably old version of openssh and does not support this so far.

Jakuje
  • 24,773
  • 12
  • 69
  • 75