UMLUG,

For my education on ssh, a question:

desktop:~:  ssh -v laptop
...
debug1: Host '10.0.0.172' is known and matches the ED25519 host key.
debug1: Found key in /home/milgram/.ssh/known_hosts:21
...

And connects as expected.

Which is comforting. But the key in line 21 in that file (on desktop) doesn't actually match the host key on laptop.

desktop:~/.ssh: sed -n '21 p' known_hosts
10.0.0.172 ssh-ed25519 AAAAC3Nz...SajQBib

laptop:/etc/ssh: ssh-keygen -l -f ssh_host_ed25519_key.pub
256 SHA256:NGSOhqPQ...AjzClhc r...@dart.cgpp.com (ED25519)

(ellipses mine)

And indeed I can't find laptop's ...AjzClhc host key anywhere in desktop's ~/.ssh/known_hosts file.

How can this be?

BTW I haven't set StrictHostKeyChecking, but whatever the case, it should refuse to connect if the host key changes.

Again, this is an inverse problem: everything works ... but it shouldn't.

Related question: It seems "ssh-keygen -l" generates the same footprint for each of the private and public key pairs.

laptop:/etc/ssh:ROOT: for f in ssh_host_ed25519_key*; do echo $f && ssh-keygen -l -f $f; done
ssh_host_ed25519_key
256 SHA256:NGSOhqPQvvz/MmzhK4xD...DAjzClhc root@laptop... (ED25519)
ssh_host_ed25519_key.pub
256 SHA256:NGSOhqPQvvz/MmzhK4xD...DAjzClhc root@laptop... (ED25519)

But the key and key.pub files are obviously different ... is this the way it's supposed to work? I guess it's convenient to have the key map to the pair, rather than having two keys. But how can this work? That is, private and public keys are different files, how can both yield the same fingerprint, especially when one only has access to one of them at a time? Must be one of those PKI things.

thanks, as always!

Judah


--
=====
milg...@cgpp.com
301-257-7069
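
Added example, not part of the original message: a known_hosts entry such as line 21 stores the base64-encoded public key blob, while `ssh-keygen -l` prints the unpadded base64 SHA-256 digest of that blob, so the two strings are compared by hashing the former. The sample line below is constructed (a made-up key), and the function names are this example's own.

```python
import base64
import hashlib
import struct

def ssh_string(data):
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data

def make_sample_line(host="10.0.0.172"):
    """Constructed sample entry: an ed25519 blob holding a made-up 32-byte key."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

def parse_known_hosts_line(line):
    """Return (hosts, key_type, blob), or None for blank and comment lines."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    if fields[0].startswith("@"):  # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("expected: hosts keytype base64-key [comment]")
    hosts, key_type, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line is corrupt or was edited by hand.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type field does not match the key blob")
    return hosts, key_type, blob

def sha256_fingerprint(blob):
    """Fingerprint as ssh-keygen -l prints it: 'SHA256:' + unpadded base64 digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

if __name__ == "__main__":
    hosts, key_type, blob = parse_known_hosts_line(make_sample_line())
    # Compare this value with the output of ssh-keygen -l on the server's .pub file.
    print(hosts, key_type, sha256_fingerprint(blob))
```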

