|
Size: 812
Comment:
|
Size: 1270
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 3: | Line 3: |
| If you're connecting the first time to a SSH Server you will perhaps get an alert message. If the message says: '' "The server's host key ist not cached in the registry. You have no gurantee that the server is the computer you think it is." '' it should also show you a fingerprint right below. |
If you're connecting the first time to a SSH Server you will perhaps get an alert message. The fingerprint should also be shown right below the message. ==== Windows ==== {{attachment:alert.jpg}} ==== Linux ==== {{attachment:linux.jpg}} ==== The website ==== |
| Line 8: | Line 16: |
| Search or type in the hostname you want to connect to in the search bar on the top right corner of the website. | Type in the hostname you want to connect to into the search bar on the top right corner of the website. |
| Line 11: | Line 20: |
| If it's the same fingerprint as shown then can safely trust the connection. | If it's the same fingerprint as shown then you can safely trust the connection. There may be more than one ssh-key for one host. ssh-ed25519 has stronger encryption than ssh-rsa but ist not yet widely supported. There also is md5 and SHA256 version of every key. Windows uses the md5 and Linux the SHA256 version. ==== Example for bad connection ==== {{attachment:notsamev2.png}} As you can see the name and the IP address is the same but the ssh key is not. You should not only check the hostname and IP address but most importantly the fingerprint. |
SSH Fingerprints Website
If you're connecting the first time to a SSH Server you will perhaps get an alert message. The fingerprint should also be shown right below the message.
Windows
Linux
The website
You can check if the fingerprint is correct with this website (https://ssh-fingerprints.ee.ethz.ch/).
The website contains the SSH fingerprints of every SSH server we manage.
Type in the hostname you want to connect to into the search bar on the top right corner of the website. The host with its fingerprint should now be shown in the table. Compare the fingerprint with the alert message. If it's the same fingerprint as shown then you can safely trust the connection.
There may be more than one ssh-key for one host. ssh-ed25519 has stronger encryption than ssh-rsa but ist not yet widely supported.
There also is md5 and SHA256 version of every key. Windows uses the md5 and Linux the SHA256 version.
Example for bad connection
As you can see the name and the IP address is the same but the ssh key is not. You should not only check the hostname and IP address but most importantly the fingerprint.