Hello,
I'm currently struggling with SSH fingerprints. I used to validate fingerprints manually using the output provided by ssh or ssh-keygen. While this does work with most distros, Arch (or the OpenSSH 6.8 installed) seems to use a different fingerprint format.
Other distros (Gentoo with OpenSSH 7.6, Debian with 7.0, etc.) output fingerprints (connecting to unknown hosts, using ssh-keygen, etc.) using hex notation:
ECDSA key fingerprint is 00:11:22:33:44…
However, using Arch I get some hash representation:
ECDSA key fingerprint is SHA256:qj96Ke
Obviously this prevents me from comparing the fingerprints. Does anyone know where to change the output format used, or how to compare these fingerprints?
Thanks in advance,
Florian
---snip---
Thanks to a buddy in IRC I was able to change the behavior. For those searching along:
The default hash algorithm used for fingerprint hashes was changed from md5 to sha256. In my case I tried to connect from Arch (sha256) to Debian (md5). ssh-keygen on Debian doesn't support sha256 as far as I can tell; newer versions allow a "-E md5" or "-E sha256" to choose the desired hash type. So I went the easier route and "downgraded" Arch to md5 for this server. To do this, open your SSH config (/etc/ssh/ssh_config or ~/.ssh/config) and add the following lines:
Host oldserver.org
    FingerprintHash md5
When connecting to the host, Arch will now show the MD5 representation of the fingerprint, which can be compared to the output of ssh-keygen on Debian. Other servers are not affected and will still use the newer sha256.
Last edited by adlerweb (2015-04-18 12:09:24)
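How the two formats in this thread relate, as an added example that is not part of the original post: both are hashes of the same public key blob, so either one can be recomputed from the server's public key line and compared with what ssh displays. The sample key and the function names are constructed for illustration.

```python
import base64, binascii, hashlib, hmac, struct

# Constructed sample: an ssh-ed25519 blob over 32 placeholder bytes (not a real host key).
SAMPLE_BLOB = (struct.pack(">I", 11) + b"ssh-ed25519"
               + struct.pack(">I", 32) + bytes(range(32)))
SAMPLE_LINE = "oldserver.org ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

def key_blob(line):
    """Extract the raw key blob from a .pub, authorized_keys or known_hosts line."""
    fields = line.split()
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            continue  # not base64 (e.g. the hostname or the key type itself)
        name = key_type.encode()
        # A real blob starts with its own length-prefixed key type name.
        if blob[:4] == struct.pack(">I", len(name)) and blob[4:4 + len(name)] == name:
            return blob
    raise ValueError("no SSH public key found in line")

def fingerprint(blob, algo):
    """Render the fingerprint the way OpenSSH prints it for 'md5' or 'sha256'."""
    if algo == "md5":    # colon-separated hex of the MD5 digest
        return "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    if algo == "sha256":  # base64 of the SHA-256 digest, '=' padding dropped
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("unsupported hash: " + algo)

def matches(line, shown):
    """True if the fingerprint ssh displayed (either format) belongs to this key."""
    blob, shown = key_blob(line), shown.strip()
    if shown.startswith("SHA256:"):
        shown, expected = shown.rstrip("="), fingerprint(blob, "sha256")
    else:
        # Older clients print bare hex with no "MD5:" prefix; accept both forms.
        if shown.upper().startswith("MD5:"):
            shown = shown[4:]
        shown, expected = "MD5:" + shown.lower(), fingerprint(blob, "md5")
    return hmac.compare_digest(shown.encode(), expected.encode())

if __name__ == "__main__":
    blob = key_blob(SAMPLE_LINE)
    print(fingerprint(blob, "md5"))
    print(fingerprint(blob, "sha256"))
```

The public key line has to come from a source you already trust, such as the server's console, otherwise the comparison proves nothing.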