Results 1 to 3 of 3

Thread: Verifying SSH Host Key

  1. #1
    Junior Member Newbie
    Join Date
    Sep 2007
    Location
    Colorado
    Posts
    8

    Default Verifying SSH Host Key

    I'm using PuTTY to access my Cpanel account. As this is a new account for me, PuTTY does not yet have the server's host key cached. How can I verify the rsa2 key fingerprint independently to avoid a man-in-the-middle security breach?

  2. #2
    Member Newbie
    Join Date
    Oct 2006
    Posts
    46

    Default

    Probably the best explanation of available methods is listed on this securityfocus.com article.

    Briefly, however, you can blindly accept the key on your first connection, then be reasonably certain that you have the correct key for future reference by issuing the following command:

    ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

    That will display the key for you (assuming that you're not currently having your packets re-written by a malicious man-in-the-middle to alter the server's response) and you can record/verify at that point.

  3. #3
    Junior Member Newbie
    Join Date
    Sep 2007
    Location
    Colorado
    Posts
    8

    Default

    Thanks for the tip. Now let's hope a man-in-the-middle isn't relaying all transactions, including the output of ssh-keygen...

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •