Stewart Stremler wrote:
begin quoting Ralph Shumaker as of Sun, Oct 02, 2005 at 10:11:29PM -0700:
Stewart Stremler wrote:
SSH protects against this by keeping a list of known hosts and their
keys. When you first connect to a server, it'll tell you the key
fingerprint of that server and ask if you want to trust that machine.
What you're _supposed_ to do is have obtained the fingerprint via
another channel beforehand, and now you compare the two and make sure
that they're the same.
How do I get it right from the host machine when I'm sitting at it's
keyboard?
Let's say the key that you want to get a fingerprint of is "ssh_host_key.pub",
in the current working directory. You'd type something like:
ssh-keygen -l -f ssh_host_key.pub
to get the fingerprint for the key. The ssh-keygen program is what you
use to create and poke at keys, the -l option says you want the fingerprint,
and the -f says "from the following file".
And if I don't even know the name of the file from which to get the
fingerprint?
I am reasonably certain that no one has done anything with regards to
ssh on either machine, either hers (the host) or mine (the client). She
and her children never pop the hood on the PC, either physicly nor in
the CLI.
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
