The output format of OpenBSD's "ssh-keygen -l" changed in 5.7. How do I verify the host key when connecting from an older ssh version?
Until OpenBSD 5.6, the host_keys fingerprint output format looked like this:
# ssh-keygen -lf ssh_host_ecdsa_key.pub
256 9d:76:ba:86:80:ef:63:eb:41:2f:13:f3:f4:b5:0b:35 [email protected] (ECDSA)
In OpenBSD 5.7, the output format has changed:
# ssh-keygen -lf ssh_host_ecdsa_key.pub
256 SHA256:6vYsd91sIrtVqPXazpPfRxj9QDa+1+Ns2C2lKSUph3c [email protected] (ECDSA)
When connecting from an OpenBSD 5.7 ssh client to an OpenBSD 5.7 sshd, the key can be verified:
# ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:6vYsd91sIrtVqPXazpPfRxj9QDa+1+Ns2C2lKSUph3c.
Are you sure you want to continue connecting (yes/no)?
When connecting from OpenBSD 5.6 to an OpenBSD 5.7 machine, how do I verify the key fingerprint? Is there a way to convert the output format?
In OpenBSD 5.7, ssh-keygen uses SHA256 as the default fingerprint hash.
You are looking for the MD5 hash of the fingerprint:
# ssh-keygen -l -E md5 -f /etc/ssh/ssh_host_ecdsa_key.pub
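
Added example, not part of the original question or answer: both fingerprint formats are hashes of the same public key blob, so one cannot be converted into the other, but both can be computed from the .pub file. The Python sketch below does that; the function names are hypothetical and the sample key line is constructed from dummy bytes.

```python
import base64
import hashlib
import struct


def md5_fp(blob: bytes) -> str:
    """Old-style fingerprint: MD5 digest as colon-separated hex pairs."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fp(blob: bytes) -> str:
    """New-style fingerprint: 'SHA256:' plus unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def key_blob(pub_line: str) -> bytes:
    """Decode the blob from a '<type> <base64> [comment]' public key line."""
    fields = pub_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or edited.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode("ascii"):
        raise ValueError("key type does not match key blob")
    return blob


def fingerprints(pub_line: str) -> dict:
    """Return both fingerprint formats for one public key line."""
    blob = key_blob(pub_line)
    return {"md5": md5_fp(blob), "sha256": sha256_fp(blob)}


def sample_pub_line() -> str:
    """Constructed ed25519-shaped key line (dummy key bytes, not a real host)."""
    ktype, key = b"ssh-ed25519", bytes(range(32))
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(key)) + key
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " sample@example"


if __name__ == "__main__":
    for name, value in fingerprints(sample_pub_line()).items():
        print(name, value)
```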