begin quoting Ralph Shumaker as of Sun, Oct 02, 2005 at 10:11:29PM -0700:
> Stewart Stremler wrote:
>
> >SSH protects against this by keeping a list of known hosts and their
> >keys. When you first connect to a server, it'll tell you the key
> >fingerprint of that server and ask if you want to trust that machine.
> >What you're _supposed_ to do is have obtained the fingerprint via
> >another channel beforehand, and now you compare the two and make sure
> >that they're the same.
>
> How do I get it right from the host machine when I'm sitting at its
> keyboard?
Let's say the key that you want to get a fingerprint of is
"ssh_host_key.pub", in the current working directory. You'd type
something like:

    ssh-keygen -l -f ssh_host_key.pub

to get the fingerprint for the key. The ssh-keygen program is what you
use to create and poke at keys, the -l option says you want the
fingerprint, and the -f says "from the following file".

In theory, when you create an ssh account for someone and give them the
machine, account name, and initial password, you should also provide the
host key fingerprint.

-Stewart "Should practice what he preaches more often." Stremler

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
