The connection ultimately goes to the correct server, because I can see the login attempt in my server logs if the user allows the connection. Update: I just noticed that even an SHA-1 hash will have 20 octets, so the displayed fingerprint is not in any SHA format apparently. The fingerprint displayed to the remote user has 16 colon-separated octets, so it doesn't appear to use SHA-224 or anything higher. So there is no indication whether RSA or DSA key is used, or whether MD5 or some SHA algorithm is used for creating the fingerprint. I have also unsuccessfully compared the fingerprint against the output of cut -d ' ' -f 2 ![]() ![]() ![]() ![]() I have a screenshot of the displayed fingerprint and have compared it with the output of ssh-keygen -lf /etc/ssh/ssh_host_dsa_key and ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub, and it doesn't match either of these. A remote user has tried to connect to my SFTP/SSH server for the first time, using the "Transmit" client under Mac OS X, and has found that the host key fingerprint doesn't match the expected value.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |