SSH Fingerprints Website

If you're connecting the first time to a SSH Server you will perhaps get an alert message. The fingerprint should also be shown right below the message.

Windows

alert.jpg

Linux

linux.jpg

Be aware that the . is not part of they key

The website

You can check if the fingerprint is correct with this website (https://ssh-fingerprints.ee.ethz.ch/).

The website contains the SSH fingerprints of every SSH server we manage.

Type in the hostname you want to connect to into the search bar on the top right corner of the website. The host with its fingerprint should now be shown in the table. Compare the fingerprint with the alert message. If it's the same fingerprint as shown then you can safely trust the connection.

On the top left there is a button to show or hide the SSH-Keys. These keys are saved in a file so the system can be authenticated as a "known host". Upon clicking "Yes" on your first connection to a server, the connection will be saved in that file.

There may be more than one ssh-key for one host. ssh-ed25519 has stronger encryption than ssh-rsa but ist not yet widely supported.

There also is a md5 and SHA256 version of every key. Windows uses the md5 and Linux the SHA256 one.

Example for bad connection

compare.png

As you can see the name and the IP address is the same but the ssh key is not. You should not only check the hostname and IP address but most importantly the fingerprint.

If come across this case please under no circumstances press yes and contact us immediately us at support@ee.ethz.ch

SshFingerprints (last edited 2018-07-18 10:45:28 by misticat)