Differences between revisions 29 and 30
Revision 29 as of 2018-07-17 12:53:35
Size: 1154
Editor: misticat
Comment:
Revision 30 as of 2018-07-17 12:56:06
Size: 1270
Editor: misticat
Comment:
Deletions are marked like this. Additions are marked like this.
Line 22: Line 22:
There may be a ssh-rsa and a ssh-ed25519 for one host. ed25519 has stronger encryption but ist not yet widely supported. There may be more than one ssh-key for one host. ssh-ed25519 has stronger encryption than ssh-rsa but ist not yet widely supported.

There also is md5 and SHA256 version of every key. Windows uses the md5 and Linux the SHA256 version.

SSH Fingerprints Website

If you're connecting the first time to a SSH Server you will perhaps get an alert message. The fingerprint should also be shown right below the message.

Windows

alert.jpg

Linux

linux.jpg

The website

You can check if the fingerprint is correct with this website (https://ssh-fingerprints.ee.ethz.ch/).

The website contains the SSH fingerprints of every SSH server we manage.

Type in the hostname you want to connect to into the search bar on the top right corner of the website. The host with its fingerprint should now be shown in the table. Compare the fingerprint with the alert message. If it's the same fingerprint as shown then you can safely trust the connection.

There may be more than one ssh-key for one host. ssh-ed25519 has stronger encryption than ssh-rsa but ist not yet widely supported.

There also is md5 and SHA256 version of every key. Windows uses the md5 and Linux the SHA256 version.

Example for bad connection

notsamev2.png

As you can see the name and the IP address is the same but the ssh key is not. You should not only check the hostname and IP address but most importantly the fingerprint.

SshFingerprints (last edited 2020-09-09 11:45:20 by bonaccos)