3

I just created my first VPS host on OVHcloud. When I ssh for the first time I see:

The authenticity of host 'X.X.X.X (X.X.X.X)' can't be established.
ECDSA key fingerprint is SHA256:<the-fingerprint>.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Is there a way to verify this fingerprint? I know that people most of the time ignore the possibility of a MITM here and skip the check. But most of the time the first connection happens within an internal network, which isn't the case here.

Alternatively I'd be happy to upload an ssh public key to the server using the web manager. But I haven't found a way to do that.

SII_of_SII
  • 83
  • 4

2 Answers2

2

The answer is yes.

I just discovered you can connect to the KVM directly from the OVH manager, thus connecting through tty1.

Go to your OVH manager, and in your VPS page, there should be a part that says "Name". There is then an option in the dropdown menu, "KVM" which let's you locally connect to your VPS through a QEMU instance.

You can get your fingerprints after logging in in this manner.

enter image description here

ChemiCalChems
  • 612
  • 12
  • 31
  • 1
    In case others weren't sure what to precisely do after, run `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub`, though the key name depends on the encryption algorithm. – Kyle Feb 11 '23 at 05:01
  • I'm interested in an API alternative not requiring human interaction, if you are aware of any (except than web-scraping the OVH Cloud panel for doing the KVM manipulation). – Benjamin Loison May 22 '23 at 22:45
1

The answer is no for both questions:

  • When OVH spawn your VPS, they don't check/gather the auto generated ECDSA key (the ones in /etc/ssh/ssh_hosts_ecdsa*). So for the first connection, there is no way to verify this fingerprint.

  • For the SSH key upload through the OVH Manager, this is sadly not possible neither. You have to upload it by yourself with ssh-copy-id root@vpsXXX. Note that it's possible on OVH's Public Cloud Instances, but not for VPS.

Benjamin Loison
  • 3,782
  • 4
  • 16
  • 33
Pierre
  • 2,552
  • 5
  • 26
  • 47
  • 1
    Too bad. It seems they've almost got the capability to set an ssh public key: There's an option to reimage the OS with a key included. Unfortunately there doesn't seem to be a way to upload a key that can be used in this reimage option. As you say, seems the uploaded keys are only visible to Public Cloud, not VPS. – SII_of_SII Nov 06 '20 at 15:50