0

A question for (primarily) the ssh/crypto experts:

I'm trying to validate the identity of a remote ssh server.

The server (or appliance) operator has given me fingerprints with various hash algorithms:

the fingerprints I was given

However, when I connect with ssh (or sftp) and it gives me the ECDSA sha256 and MD5 fingerprints, both do not match:

$ ssh -o UserKnownHostsFile=/dev/null user_redacted@remote_host_redacted
The authenticity of host 'remote_host_redacted (xx.xxx.xxx.xxx)' can't be established.
ECDSA key fingerprint is SHA256:6GdpQwqovGzbMqi7aCPyv3fvKS0KT9oGQzuOLRN0Ick.
ECDSA key fingerprint is MD5:fe:c2:7f:72:ef:5d:2e:a7:41:f5:09:a0:a6:e9:fc:dd.
Are you sure you want to continue connecting (yes/no)? no

HOWEVER, when I get the ssh-rsa key fingerprint and look purely at that, that one matches the one they gave as "ssh SHA256 B64":

$ ssh-keyscan remote_host_redacted 2>/dev/null | grep ssh-rsa | ssh-keygen -l -f -
2048 SHA256:SiZYpIkgjeBN6QvPk5dTuEzQNdKUOV3FMyjwRfzc/Do remote_host_redacted (RSA)

I assume, as a sort of crypto layman, that these ECDSA MD5, ECDSA SHA256 or ssh-rsa fingerprinting (SHA1 actually, I believe) are just different methods of generating a hash / fingerprint off of the same public host key?

So the question:

Is it actually possible that in a legit connection, without any MITM shenanigans, only the ssh-rsa fingerprint matches, but the others don't?

Or ultimately: would you consider this sufficiently trustworthy or not?

Thanks!

sark_work
  • 1
  • 2
  • 1
    ECDSA and RSA are _different keys_ (for different digital-signature algorithms). They are completely unrelated except for (apparently) belong to the same host. SSH also supports DSA and Ed25519 signatures and host keys, but DSA is now unfashionable and disabled by default in OpenSSH. MD5-in-hex and SHA256-in-b64 are different hashes of the _same_ key, used respectively by older and newer versions of OpenSSH. You can tell `ssh-keyscan` which keytype(s) to get and `ssh-keygen` which hash to use, so `ssh-keyscan -t rsa host | ssh-keygen -l -E md5 -f -` should get your md5 hash. – dave_thompson_085 May 23 '22 at 11:26
  • However this is not about programming or development, so can't properly be answered here. BTW the "X.509" and "DER" items in your image can't be for SSH because SSH never uses X.509 or DER (on the wire; OpenSSL does use DER in local privatekeys in the 'old' aka 'OpenSSL legacy' formats). – dave_thompson_085 May 23 '22 at 11:28
  • Thanks! Didn't realize these are different keys. I did `ssh-keyscan -t rsa host | ssh-keygen -l -E md5 -f -` and the fingerprint matches the md5 fingerprint they gave. However: Since these are, as you say, two different keys (RSA and ECDSA), it still stands that I can match (by fingerprint, md5 or sha1) the RSA host key, but I still can't match the ECDSA key! Sure, I can force ssh to use the rsa key, too: `ssh -o HostKeyAlgorithms=ssh-rsa -o UserKnownHostsFile=/dev/null redacted@redacted` and then the fingerprints in openssh match. – sark_work May 23 '22 at 11:53
  • But it's odd that their appliance offers an ECDSA key, but they can't provide me with the proper fingerprints. Oh well, I guess someone in management now has to decide whether this is secure enough ... – sark_work May 23 '22 at 11:53

0 Answers0