Differences between revisions 1 and 45 (spanning 44 versions)
Revision 1 as of 2018-06-26 12:40:15
Size: 6
Editor: misticat
Comment:
Revision 45 as of 2018-07-20 11:25:26
Size: 1817
Editor: misticat
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
Test <<TableOfContents(4)>>

= SSH Fingerprints Website =

If you're connecting the first time to a SSH Server you will perhaps get an alert message. The fingerprint should also be shown right below the message.

== Windows ==
{{attachment:alert.jpg}}

== Linux ==
{{attachment:linux.jpg}}

/!\ Be aware that the "." (dot) at the end of the fingerprint is not part of the key.

== The website ==
You can check if the fingerprint is correct with this website (https://ssh-fingerprints.ee.ethz.ch/).

The website contains the SSH fingerprints of every SSH server we manage.

Type in the hostname you want to connect to into the search bar on the top right corner of the website.
The host with its fingerprint should now be shown in the table.
Compare the fingerprint with the alert message.
If it's the same fingerprint as shown then you can safely trust the connection.

On the top left there is a button to show or hide the SSH-Keys. These keys are saved in a file so the system can be authenticated as a "known host". Upon clicking "Yes" on your first connection to a server, the connection will be saved in that file.

There may be more than one ssh-key for one host. ssh-ed25519 has stronger encryption than ssh-rsa but ist not yet widely supported.

There also is a md5 and SHA256 version of every key. Windows uses the md5 and Linux the SHA256 one.

The part "MD5:" ist not part of the key used for Windows.

== Example for bad connection ==
{{attachment:compare.png}}

As you can see the name and the IP address is the same but the ssh key is not. You should not only check the hostname and IP address but most importantly the fingerprint.

If you come across this case please '''under no circumstances''' type yes. '''Instead contact us immediately''' at <support@ee.ethz.ch>.

SSH Fingerprints Website

If you're connecting the first time to a SSH Server you will perhaps get an alert message. The fingerprint should also be shown right below the message.

Windows

alert.jpg

Linux

linux.jpg

/!\ Be aware that the "." (dot) at the end of the fingerprint is not part of the key.

The website

You can check if the fingerprint is correct with this website (https://ssh-fingerprints.ee.ethz.ch/).

The website contains the SSH fingerprints of every SSH server we manage.

Type in the hostname you want to connect to into the search bar on the top right corner of the website. The host with its fingerprint should now be shown in the table. Compare the fingerprint with the alert message. If it's the same fingerprint as shown then you can safely trust the connection.

On the top left there is a button to show or hide the SSH-Keys. These keys are saved in a file so the system can be authenticated as a "known host". Upon clicking "Yes" on your first connection to a server, the connection will be saved in that file.

There may be more than one ssh-key for one host. ssh-ed25519 has stronger encryption than ssh-rsa but ist not yet widely supported.

There also is a md5 and SHA256 version of every key. Windows uses the md5 and Linux the SHA256 one.

The part "MD5:" ist not part of the key used for Windows.

Example for bad connection

compare.png

As you can see the name and the IP address is the same but the ssh key is not. You should not only check the hostname and IP address but most importantly the fingerprint.

If you come across this case please under no circumstances type yes. Instead contact us immediately at <support@ee.ethz.ch>.

SshFingerprints (last edited 2023-10-16 13:35:16 by alders)