fingerprint for the ECDSA key

验证 fingerprint for the ECDSA key

ssh-keygen -t ecdsa -f ssh_host_ecdsa_key

在B上ssh A ，得到A的fingerprint for the ECDSA key ：请问怎么在A上核实fingerprint for the ECDSA key ？

怎么验证其shu

https://serverfault.com/questions/690855/check-the-fingerprint-for-the-ecdsa-key-sent-by-the-remote-host

https://en.wikipedia.org/wiki/Public_key_fingerprint

在公开密钥加密中，公开密钥指纹（下称：公钥指纹）是用于标识较长公共密钥字节的短序列。指纹通过应用加密散列函数到一个公共密钥来实现。^[1]由于指纹较比生成它们的密钥短得多，因此可以用来简化某些密钥的管理任务。

zh.wikipedia.org/wiki/公开密钥指纹

[root@localhost etc]# ssh 47.103.130.122

The authenticity of host '47.103.130.122 (47.103.130.122)' can't be established.

ECDSA key fingerprint is ae:c6:19:06:c6:bd:45:15:8c:e3:f1:72:8b:db:49:9b.

Are you sure you want to continue connecting (yes/no)?

iZuf6e17yluo9vhmc8zpujZ ssh #  for file in *_key.pub; do   ssh-keygen -lf $file; done

1024 SHA256:nQ0XISn0Ttbg4kyCRKJruL9Tzw+ui41+AHKWU2UTn04 root@iZuf6e17yluo9vhmc8zpujZ (DSA)

256 SHA256:8Op4jTz/yItNN4MubGsGRtSJNwPZngkGDgHXpwqxdkI root@iZuf6e17yluo9vhmc8zpujZ (ECDSA)

256 SHA256:JZ4+J2EqjBaJ5BS1VDQDwXgo0575slnlLLxu8W0gePE root@iZuf6e17yluo9vhmc8zpujZ (ED25519)

2048 SHA256:R4y4F0Z/p91m+hRWid6IkU9nMDd6T5vf1/8vei9mNSk root@iZuf6e17yluo9vhmc8zpujZ (RSA)

iZuf6e17yluo9vhmc8zpujZ ssh # pwd

/etc/ssh

iZuf6e17yluo9vhmc8zpujZ ssh #  for file in *_key.pub; do  cat  $file; done

ssh-dss AAAAB3NzaC1kc3MAAACBAO1lKslvEr+NylRDMx4GfGyvT/nm/QM1a1AKl379uThL2WYEh/ywi5zjf5CoFwVCO+F14UnXO3zn/wfUhfZkaOClWRkyojyz2ZA9MGlcLVGHOKlzFtiwE+G03NOdltKcy4MZSdpHzzN/tObPHlvwJDwxFk4taYRQzSgj9uvjtM+ZAAAAFQDrlKl29qlLUuqIrcmBRf+tzsfR7QAAAIEA0WbxRR4rTFri2yWetsYIu/8rD4+buQhF+WR5qmF3baYDx/chqbiqdEr0tjADcc03N+F9m8qOiAbTpYVyxgAT3U1Pflt5VTF46tcxge2PYXJJf7Vq+Zw9EbosCU2bFzlpxb13bkUex6TCoxwUMLZW5MVtoXILyz1VJppldQURxjgAAACAXcN0d6BzMDO5rnsxYnZpBM4nqkBP8QFFip6P6z2OcNhQqrc7DeWuSINhFCwLydhlK05diQqbZ6+xio484rt+Vy07eDrBMoOAPhZWUNW9gCjPF3A6y2RxoNpHwD1ztbQs3B6ieNcCDzUxOyjLZYM0tlnS5Y2Wt1lmXfSD2jbYs2s= root@iZuf6e17yluo9vhmc8zpujZ

ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGRxjDJEj56fDlblsLMlCrSQ+Q9gvdupg0XF1RpFqYj38PzJdqzsOz+twPW11nmz4+DraeRpHRdUlaIdWBcLO9Y= root@iZuf6e17yluo9vhmc8zpujZ

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBhxEsC+UA64MQa7o/G1Zg4ggNcmlAo+X0mh4M0i5mk root@iZuf6e17yluo9vhmc8zpujZ

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQCwH+6c6MY7Z4C1Kghebq8IcUw1RbfVZaEwiumOmpPPYDM97KthdoOfc+VTKZiRtVI6Qze/rKDaSWtnSHSX/bFzhRXJQiybNQGZ6x1VhlT07+95Wv6ZsWMc0fviWGKgL4ddkSkWNAdNC5XCN+T4azpFnO8WxXYbHIUmgMWYMdfCsFMNvSfGGxB0WhOff/st8EquWeLwgOs2d1sZTKsjBC7hsOqnzYtLcRsuL8XSsHRieVQ2drxyJqVmSJztqdc4uUv00GbE6h2yK/O/GIY2Gp8y6e6SiYNxjPbiqK/M70U2kcOXsp4hGtqM1xQcRjp5mbTxWvma34Tsrfp8uPr65b root@iZuf6e17yluo9vhmc8zpujZ

iZuf6e17yluo9vhmc8zpujZ ssh #

生成公钥指纹的概括步骤如下：

公钥（以及任选的一些额外数据）被编码成一个字节序列，以确保同一指纹以后在相同情况下可以创建，因此编码必须是确定的，并且任何附加的数据必须与公共密钥一同存放。附加数据通常是使用此公共密钥的人应该知道的信息，如：密钥持有人的身份（此情况下，X.509信任固定的指纹，且所述附加数据包括一个X.509自签名证书）^[2]。
在前面步骤中产生的数据被散列加密，如使用SHA-1或SHA-2。
如果需要，散列函数的输出可以缩短，以提供更方便管理的指纹。

产生的短指纹可用于验证一个很长的公共密钥。例如，一个典型RSA公共密钥的长度会在1024位以上，MD5或SHA-1的指纹却只有128或160位。

当指纹被显示时，通常被编码成十六进制字符串。然后，这些字符串格式化成可读性字符组。例如，如一个128位的MD5指纹SSH将被显示为：

 43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8

[root@localhost ~]# ssh 47.103.130.122

The authenticity of host '47.103.130.122 (47.103.130.122)' can't be established.

ECDSA key fingerprint is ae:c6:19:06:c6:bd:45:15:8c:e3:f1:72:8b:db:49:9b.

Are you sure you want to continue connecting (yes/no)?

iZuf6e17yluo9vhmc8zpujZ ssh # cd /etc/ssh;for i in `ls *.pub`;do echo $i &&  ssh-keygen -lf $i -E md5;done

ssh_host_dsa_key.pub

1024 MD5:81:cc:5f:85:22:06:86:f7:a1:02:53:14:c3:1f:75:31 root@iZuf6e17yluo9vhmc8zpujZ (DSA)

ssh_host_ecdsa_key.pub

256 MD5:ae:c6:19:06:c6:bd:45:15:8c:e3:f1:72:8b:db:49:9b root@iZuf6e17yluo9vhmc8zpujZ (ECDSA)

ssh_host_ed25519_key.pub

256 MD5:09:57:19:76:45:2e:d6:f4:01:06:7b:9d:2d:6f:da:99 root@iZuf6e17yluo9vhmc8zpujZ (ED25519)

ssh_host_rsa_key.pub

2048 MD5:6b:a7:92:ec:c8:03:24:0a:3f:ce:7e:a3:73:fe:e1:6f root@iZuf6e17yluo9vhmc8zpujZ (RSA)

iZuf6e17yluo9vhmc8zpujZ ssh #

巴特西

fingerprint for the ECDSA key

最新文章

热门文章