Hi Stefan,

Stefan Krusche writes:

> On Thursday 31 May 2018, Stefan Krusche wrote:
>> Good day everyone,
>>
>> while starting the devuan installer from
>> devuan_ascii_2.0.0-rc_amd64_netinst.iso and initiating to continue with ssh
>> remote install (in graphic expert install mode) the installer showed its
>> fingerprint as SHA256:xxx, which was new to me. It used to be an RSA key
>> fingerprint.
>>
>> Problem: when I try to connect from my other machine which is a devuan
>> jessie system to the one I'm gonna set up:
>> ssh installer@192.168.19.3
>> ssh still shows an RSA fingerprint from the installer, so I don't know how
>> to verify it (which was easy with the jessie installer just by looking).
>>
>> Not that I don't trust my own computer here but I'd like to know if I need
>> a more recent version of ssh or if there's a way to get a visual match or
>> something. Found nothing about SHA256 host keys in man ssh.
>>
>> Can anyone clarify about this to me, please?
>>
>
> So, I just found this:
> https://superuser.com/questions/929566/sha256-ssh-fingerprint-given-by-the-client-but-only-md5-fingerprint-known-for-se#929567
> according to which fingerprint of the sshd server defaults to SHA256 from some
> version on and I'd expect it to be sent as such to the client.
>
> My older version can't seem to process option "-o FingerprintHash=sha" as
> suggested in the posting on superuser.com to get the SHA256 key fingerprint
> which is shown on the screen of the installer.

My understanding is that on your remote client you should specify md5,
not sha.  That is, "-o FingerprintHash=md5".

> Now, I don't know if the RSA key fingerprint of the sshd server of the
> installer, which my ssh client shows, is sent that way from the server (should
> be so, right?) or my ssh client is too old and with a newer one it would show
> the SHA256 key fingerprint like on the installer screen. Maybe, the installer
> has to be configured to send SHA256 key fingerprint and it isn't?

If things don't work on the remote client side and you can execute a
shell on the machine you're installing on, you can get the MD5 hash with

  ssh-keygen -l -E md5 -f $file

where $file is one of the SSH server's keyfiles in the installation
target.  IIRC, these should be below /target/etc/ssh/.

There is an option to execute a shell in the installer itself or you can
switch virtual terminals with one of the Alt-Fn key combos.  Don't quite
remember for which value of n, but in the F1 through F4 range.  Hmm, or
was that Ctrl-Alt-Fn?  Anyway, just try a couple of combinations ;-)

Hope this helps,
--
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
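
The two fingerprint styles discussed in this thread are both hashes of the same public host key blob, so either can be derived from a key line such as those in the server's `ssh_host_*_key.pub` files. The following is an added example, not part of the original mail or of OpenSSH: the function names are hypothetical and the sample key is constructed, not a real host key.

```python
import base64
import hashlib
import struct


def fingerprints(pubkey_line):
    """Return (md5_hex, sha256_b64) for one OpenSSH public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the key type; check it.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != fields[0]:
        raise ValueError("key type does not match blob")
    # Old style: MD5 of the blob, as colon-separated hex pairs.
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    # New style: SHA-256 of the blob, base64 without '=' padding.
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha


def matches(pubkey_line, shown):
    """True if `shown` (in either style) is the fingerprint of the key."""
    md5, sha = fingerprints(pubkey_line)
    shown = shown.strip()
    if shown.upper().startswith("MD5:"):
        shown = shown[4:]
    if shown.startswith("SHA256:"):
        return shown == sha          # base64 is case-sensitive
    return shown.lower() == md5      # hex is not


def sample_key():
    # Constructed ed25519 key line (not a real host key), for demonstration.
    ktype = b"ssh-ed25519"
    raw = bytes(range(32))
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", 32) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


if __name__ == "__main__":
    for fp in fingerprints(sample_key()):
        print(fp)
```
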
