What is a fingerprint?
Your SSH server has a unique fingerprint that is generated using a server's unique host key in order to identify the server to a client.
Why does this matter?
Whenever you make a connection to an SSH server You want to make sure that you are connecting to the right server.
If you get a warning where your client is saying that the host key cannot be verified or that is has changed you need to make sure to verify the fingerprint.
HOW DO I KNOW THE FINGERPRINT OF MY SERVER?
Run the command below
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
The expected output should be
2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /etc/ssh/ssh_host_rsa_key.pub (RSA)
How do I make sure that I am connecting to the correct server?
If you are using a Mac or Linux machine you should be able to find the known_hosts file in
The file should look something like
220.127.116.11 ssh-rsa Alongstringwithalphanumeric... 18.104.22.168 ssh-rsa Anotherlongstringwithalphan...
How do I verify the servers fingerprint?
- Ask the server owner what the fingerprint is
- Remove the corresponding line from
~/.ssh/known_hosts, ie if you are connecting to server with IP 22.214.171.124 then you need to remove the line that starts with IP 126.96.36.199 in
ssh email@example.com make sure that the fingerprint matches the one you got from the server owner in Step 1 above.
The output should be something like
The authenticity of host '188.8.131.52 (184.108.40.206)' can't be established. RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx. Are you sure you want to continue connecting (yes/no)?