alek blogs

Checking validity of server public key with OpenSSH

It was not obvious how to compare key signature when you access new host (or one that was upgraded say from SSH2 to OpenSSH). Easy way to verify keys is to compare key signatures (this assumes you have trustful channel to get those signatures) still after login you can do some simple verification:

$ ssh-keygen -l -f /etc/ssh/ssh_host_key.pub
1024 bf:b2:5c:4a:84:be:23:29:0a:aa:33:18:8f:55:f3:34 foo@newschool.cs.indiana.edu

but wait (!) there is possibly more keys:

$ ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
1024 08:27:15:2b:d0:6b:b4:a1:c9:c4:a2:89:c9:98:a7:3a /etc/ssh/ssh_host_dsa_key.pub

$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
1024 b9:62:0d:a9:df:66:43:e4:97:3d:b8:a0:b2:63:52:8c /etc/ssh/ssh_host_rsa_key.pub

still what bothers me: why there are three separate keys and not just two?

created Fri August 22, 2003 12:55 AM EST [2003/8/22 0:55 EST] permalink

This blog is about:
XML, Java, and everything else (or nothing ..)

Find more about
blog author

Blogroll:
Sam Ruby
Russell Beattie
Diego Doval
Joel on Software
and some (almost) harmless entertainment: The BileBlog

Projects::
MicroLogger
Xydra
WSIF
XmlPull API
XPP3/MXP1
XSOAP
XMessages

RSS
0.92 [validate]
2.0 [validate]

Filter Entries:
Life
Java
XML
Computing
Web Services