From owner-freebsd-questions Thu Jan 4 13:34:20 2001 From owner-freebsd-questions@FreeBSD.ORG Thu Jan 4 13:34:18 2001 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from be-well.ilk.org (lowellg.ne.mediaone.net [24.147.184.128]) by hub.freebsd.org (Postfix) with ESMTP id 2347C37B404 for ; Thu, 4 Jan 2001 13:34:17 -0800 (PST) Received: (from lowell@localhost) by be-well.ilk.org (8.11.1/8.11.1) id f04LYGS34346; Thu, 4 Jan 2001 16:34:16 -0500 (EST) (envelope-from lowell) Sender: lowell@be-well.ilk.org To: freebsd-questions@freebsd.org Subject: Re: fingerprint of ssh host pubic key? References: <20010104104535.B20623@grumpy.dyndns.org> From: Lowell Gilbert Date: 04 Jan 2001 16:34:15 -0500 In-Reply-To: dkelly@hiwaay.net's message of "4 Jan 2001 17:46:07 +0100" Message-ID: <44pui3f1d4.fsf@lowellg.ne.mediaone.net> Lines: 23 X-Mailer: Gnus v5.7/Emacs 20.7 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG dkelly@hiwaay.net (David Kelly) writes: > On Wed, Jan 03, 2001 at 10:32:20PM -0800, Dima Dorfman wrote: > > The second word is what the ssh client displays when you first connect > > to somthing. Obviously, the above command assumes that your ssh host > > key lives in /etc/ssh (which is the default). > > Ah! Wonderful! That's exactly want I wanted. Works pretty good on > ~/.ssh/known-hosts too. > > Now to study the man page for ssh-keygen to see if I can understand > why I couldn't figure that out for myself. I don't know, but I've never used that approach anyway. I *have* sometimes used an offline method (floppies) for actually moving the public keys from one machine to another, when I wanted to feel safe from an impersonation attack. If you're dealing with a lot of machines, using fingerprints will save you a *lot* of time. - Lowell To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message