    Check and verify SSH fingerprints

    Mark Shust
    Bash

    Learn how to retrieve the SSH fingerprint of a remote host, and also how to verify you are connecting to your trusted server and not an impersonator. The known_hosts file keeps track of SSH fingerprints and remote hosts that you previously connected to.

    Transcript

    Instructor: 0:00 Once you SSH into a remote host, the server fingerprint and key are added to the known_hosts file within the .ssh folder of your home directory. This file contains a list of remote servers you have connected to in the past. The file ensures you are connected to the correct server, not a fake or impersonator.

    0:22 Sometimes if you try connecting to a new machine that has been assigned an IP address which you previously used to connect to another server, you will get a host mismatch error. This is because the remote host fingerprint does not match the record within your known_hosts file.

    0:41 SSH into your remote host. What you will do next is get the SSH fingerprint of this machine. Type ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub. The -l tells ssh-keygen we want the fingerprint, and the -f tells it where to find the host's public key. This is the typical location for Linux servers. What is outputted is the fingerprint of this machine.

    1:21 Now exit the remote host and run the command ssh-keygen -R and then the remote hostname or IP. This command removes all keys from the known_hosts file on your local machine that belong to the specified host.

    1:38 Now when you try to connect back to the remote host, it'll ask you to confirm connecting to the remote host and will also supply you with the remote host's SSH fingerprint. You can compare the output of the remote host's fingerprint to the output of the fingerprint that we're about to connect to in order to verify you are connecting to the desired remote host.
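
The comparison described in the transcript, as an added example that is not part of the lesson or the instructor's code: the SHA256 fingerprint that ssh-keygen -l prints is the unpadded base64 of the SHA-256 hash of the decoded public-key blob, so it can be recomputed from a .pub or known_hosts line and checked against the value read on the server. The key lines, the 203.0.113.10 address and the function names are constructed for illustration.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")

def fingerprint(line: str) -> str:
    """Return the SHA256 fingerprint for a .pub or known_hosts line."""
    fields = line.split()
    # The base64 key blob is the field right after the key type, whether the
    # line starts with the type (.pub) or with a host pattern (known_hosts).
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            break
    else:
        raise ValueError("no supported key type found in line")
    # The blob names its own key type; reject a line whose label disagrees.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != field.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the digest as base64 without '=' padding.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matches(line: str, expected: str) -> bool:
    """Compare an offered key line with a fingerprint obtained on the server."""
    return fingerprint(line) == expected.strip()

def sample_blob(key_type: str, raw: bytes) -> str:
    # Constructed sample data: wire-format string(type) + string(key bytes).
    parts = (key_type.encode(), raw)
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

# Constructed keys (not real host keys) and a documentation IP address.
SERVER_PUB = "ssh-ed25519 " + sample_blob("ssh-ed25519", bytes(range(32))) + " root@server"
OFFERED = "203.0.113.10 ssh-ed25519 " + sample_blob("ssh-ed25519", bytes(range(32)))
IMPOSTOR = "203.0.113.10 ssh-ed25519 " + sample_blob("ssh-ed25519", bytes(32))

if __name__ == "__main__":
    trusted = fingerprint(SERVER_PUB)  # the value read on the server itself
    print(trusted)
    print("offered key ok: ", matches(OFFERED, trusted))
    print("impostor key ok:", matches(IMPOSTOR, trusted))
```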
