This may seem like a useless post, but I’ve always wondered about the banner ssh shows when connecting to a new server. How do you actually know that you’re connecting to the correct server? Usually when ssh’ing to a host you see a banner like this one:
test@creamsoda:~$ ssh dvnt@solaris.devzero.co.za
The authenticity of host 'solaris.devzero.co.za (192.168.56.102)' can't be established.
RSA key fingerprint is SHA256:2vSgVyFr4obIQHm3tnW5GYCYcrtnhu6N8fwVGnhJm2E.
Are you sure you want to continue connecting (yes/no)?

dvnt@solaris:~$ ssh root@ub.devzero.co.za
The authenticity of host 'ub.devzero.co.za (192.168.56.101)' can't be established.
RSA key fingerprint is 66:f2:bb:db:3c:97:da:fb:23:fa:83:07:c2:06:0c:31.
Are you sure you want to continue connecting (yes/no)?
How do you truly know if you should answer yes or not?
The host's private and public identity keys usually live in /etc/ssh/.
Before connecting, get the fingerprint (the hash of the host key) from the destination server itself, or ask the server's owner to give you a copy of the fingerprint or public key.
The ssh-keygen on Linux appears to be slightly different from the one on Solaris, so some of the options may differ. See below:
test@creamsoda:~$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
2048 SHA256:Wdz23SwwsJMK6SiZh6PIfin7g8so9UCyeK0GqCDbOZA root@creamsoda (RSA)
test@creamsoda:~$ ssh-keygen -E md5 -l -f /etc/ssh/ssh_host_rsa_key.pub
2048 MD5:66:f2:bb:db:3c:97:da:fb:23:fa:83:07:c2:06:0c:31 root@creamsoda (RSA)

dvnt@solaris:~$ ssh-keygen -e -l -f /etc/ssh/ssh_host_rsa_key.pub
2048 16:2f:1f:f1:ef:97:04:67:c0:22:11:5d:90:81:14:06 /etc/ssh/ssh_host_rsa_key.pub
Now that the host ID is actually known, you can type yes and submit your login credentials with less risk of being pwned.
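Both fingerprint styles shown above are hashes of the same base64 key blob in the .pub file: SHA256 printed as unpadded base64, MD5 printed as colon-separated hex. The following is an added example, not part of the original post, that computes both from a trusted copy of the public key and compares them with what the ssh prompt shows; the function names and SAMPLE_PUB (a constructed key, not a real host key) are assumptions of this example.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH wire format: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def fingerprints(pubkey_line: str) -> dict:
    """Return both fingerprint styles for one line of an OpenSSH .pub file."""
    fields = pubkey_line.split()
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob itself begins with the key type; reject a line where they differ.
    if not blob.startswith(_ssh_string(key_type.encode())):
        raise ValueError("key type does not match the key blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {
        "SHA256": "SHA256:" + sha,
        "MD5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
    }


def matches_banner(pubkey_line: str, shown: str) -> bool:
    """Compare the fingerprint from the ssh prompt with a trusted key copy."""
    shown = shown.strip().rstrip(".")  # the prompt ends the line with a period
    fps = fingerprints(pubkey_line)
    if shown.startswith("SHA256:"):
        expected = fps["SHA256"]
    else:
        # Older clients print the MD5 form without the "MD5:" prefix.
        expected = fps["MD5"][4:]
        shown = (shown[4:] if shown.upper().startswith("MD5:") else shown).lower()
    return hmac.compare_digest(shown.encode(), expected.encode())


# Constructed sample key: type string, exponent 65537, dummy 255-byte modulus.
_blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
         + _ssh_string(b"\x00" + bytes(range(255, 0, -1))))
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(_blob).decode() + " root@example"

if __name__ == "__main__":
    fps = fingerprints(SAMPLE_PUB)
    print(fps["SHA256"], fps["MD5"], sep="\n")
    print(matches_banner(SAMPLE_PUB, fps["MD5"][4:] + "."))
```

The public key line has to come from the server's owner or console, not from the connection being verified, for the comparison to mean anything.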