Technical Note - SSH Host Key Fingerprints
Summary
Public key fingerprints can be used to validate an SSH connection to a remote server.
Fingerprints for commonly used ECS systems are provided here.
Details
Using SSH Key Fingerprints.
SSH key verification is the process of confirming that the host key presented during an SSH connection belongs to the intended server or host. It is an essential security measure against man-in-the-middle (MITM) attacks, in which an attacker intercepts the connection and impersonates the server or host.
Here's how SSH key verification works:
- Host Key Fingerprint: When you connect to an SSH server for the first time, the server sends its public host key to the client. This public key has a unique fingerprint or hash, which is displayed to the user.
- Verifying the Fingerprint: You should compare the displayed fingerprint with the known and trusted fingerprint of the server. This trusted fingerprint can be obtained from the server administrator or from a trusted source, such as the server's website or documentation. This page provides that trusted source for ECS systems.
- Accepting or Rejecting the Key: If the displayed fingerprint matches the trusted fingerprint, you can choose to accept and add the server's public key to your client's known_hosts file. This file stores the trusted public keys of the servers you have connected to before.
- Future Connections: On subsequent connections to the same server, the client will check if the server's public key matches the one stored in the known_hosts file. If the keys match, the connection is allowed. If the keys do not match, the client will warn you about a potential MITM attack, and you can choose to accept the new key or abort the connection.
ECS Machines
Fingerprints for commonly used ECS systems are provided here.
| Host | Algorithm | SHA256 |
|---|---|---|
| entry.ecs.vuw.ac.nz | ECDSA | SHA256:JSgJc0EVon5yPRLvcPrCKgd9KBoouWBGLOgmAYjy3QE |
| entry.ecs.vuw.ac.nz | ED25519 | SHA256:H+rTkH/u7mKi9DgU5XDK/EPCfUmVVbPZB9w6Kpc2ExM |
| entry.ecs.vuw.ac.nz | RSA | SHA256:l8uinkAlOnxf2eImfW0Y7GEwPzdOu8PfHjCsQIBOvt4 |
| | | |
| barretts.ecs.vuw.ac.nz | ECDSA | SHA256:MS5ijJ/Dz/H6KYqqWEoZ+eyP7R/HIEZzK1ikRU86Tcg |
| barretts.ecs.vuw.ac.nz | ED25519 | SHA256:Ix+sPC/+zOVDYAJwofd6pJ1I2acWUn0v2M20tcPr+HY |
| barretts.ecs.vuw.ac.nz | RSA | SHA256:fUa1Lv/XsEZsDx33gCCD8vlLPhyLJ4TPPKHHKGpgWTE |
| embassy.ecs.vuw.ac.nz | ECDSA | SHA256:UIQP+RWxONZHB0ors7RDgSFgqJQyaYOCqSIr3LNbJ4U |
| embassy.ecs.vuw.ac.nz | ED25519 | SHA256:AJsOlS7epVwT9m+R+Zs7qDrMgwsOKPsIQ7tTftISZO8 |
| embassy.ecs.vuw.ac.nz | RSA | SHA256:9X7umgzxQX6Zk1HIW9og+EzHrEN9V5xvkX8NUcqr/N4 |
| greta-pt.ecs.vuw.ac.nz | ECDSA | SHA256:yOgnCFQr+aIURhLfi8SxsQAPC88EbwKRtFcvBzzlYvs |
| greta-pt.ecs.vuw.ac.nz | ED25519 | SHA256:Ix+sPC/+zOVDYAJwofd6pJ1I2acWUn0v2M20tcPr+HY |
| greta-pt.ecs.vuw.ac.nz | RSA | SHA256:z/DJFBrKJBzWQGiPN64IB/0vgndOt1mosHGqjwDk9CQ |
| regent.ecs.vuw.ac.nz | ECDSA | SHA256:i2cgjppvuG8No2IfLi1UNfvBK6dT88R7aLi/ejuC9v8 |
| regent.ecs.vuw.ac.nz | ED25519 | SHA256:nzzP61GsTX3AHX57x149g5K2mY2d6Ubm2nKmt4BhVX4 |
| regent.ecs.vuw.ac.nz | RSA | SHA256:qclqpGa9ufaExHjgmsSyqpBpmDolmm1aT4gOe2tMN48 |
| | | |
| bats.ecs.vuw.ac.nz | ECDSA | SHA256:UIQP+RWxONZHB0ors7RDgSFgqJQyaYOCqSIr3LNbJ4U |
| bats.ecs.vuw.ac.nz | ED25519 | SHA256:aLSQOY09pPZbeLbmH2kUTDSOzip0G0KipWSFv6/xeR8 |
| bats.ecs.vuw.ac.nz | RSA | SHA256:LuprXaTDfcYKPVwZxScc9KS3qj4qU+6fKQy4QDhPkqc |
| circa.ecs.vuw.ac.nz | ECDSA | SHA256:hrHPpPSrFPRxdx2LzIMMaQfojs1OvHrNTA/pynN9iic |
| circa.ecs.vuw.ac.nz | ED25519 | SHA256:R35Zrb8aN03A/JfyOfcFxQhF2J9t6HSO7xmDimyikQk |
| circa.ecs.vuw.ac.nz | RSA | SHA256:W2BluCxyiw96pH68oWylQIobGtDTeArPtnDPvSpqGRY |
Full public keys for any ECS server can always be retrieved from
/etc/ssh/ssh_known_hosts on any ECS Linux/Unix system.
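The verification steps above can be applied to a known_hosts-format file such as the one just mentioned. The following is an added example, not part of the original note or ECS tooling: it derives each entry's SHA256 fingerprint and compares it with a trusted list. The host name, address and key are constructed, and it assumes the trusted list is keyed by the known_hosts key type name (for example `ssh-ed25519`) rather than the table's short algorithm label.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def fingerprint(key_b64: str) -> tuple:
    """Return (algorithm named inside the key blob, SHA256 fingerprint)."""
    blob = base64.b64decode(key_b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the digest as base64 with the '=' padding removed.
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return blob[4:4 + n].decode("ascii"), fp


def check_known_hosts(text: str, trusted: dict) -> list:
    """Return (host, key type, fingerprint, verdict) per known_hosts entry.

    trusted maps (host, key type) to the published fingerprint.
    """
    results = []
    for line in text.splitlines():
        line = line.strip()
        # Skip comments, @marker lines and hashed ("|1|...") host names.
        if not line or line[0] in "#@|":
            continue
        hosts, key_type, key_b64 = line.split()[:3]
        blob_type, fp = fingerprint(key_b64)
        for host in hosts.split(","):
            expected = trusted.get((host, key_type))
            if expected is None:
                verdict = "UNLISTED"
            elif blob_type == key_type and fp == expected:
                verdict = "MATCH"
            else:
                verdict = "MISMATCH"
            results.append((host, key_type, fp, verdict))
    return results


# Constructed sample: a dummy Ed25519 blob, not a real host key.
SAMPLE_KEY = base64.b64encode(
    ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))).decode()
SAMPLE_KNOWN_HOSTS = f"host.example.org,192.0.2.10 ssh-ed25519 {SAMPLE_KEY}\n"
```

On a system with OpenSSH installed, `ssh-keygen -l -f <file>` prints fingerprints in the same `SHA256:` form for comparison against the table.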
ECS GitLab
SSH host key fingerprints for the ECS GitLab instance are also available from its Instance Configuration page
https://gitlab.ecs.vuw.ac.nz/help/instance_configuration.
Raapoi Cluster
Fingerprints for the Raapoi research cluster are available from
https://vuw-research-computing.github.io/raapoi-docs/accessing_the_cluster.
GitLab.com
SSH host key fingerprints for GitLab's public cloud instance are available from its Instance Configuration page
https://gitlab.com/help/instance_configuration.
GitHub.com
GitHub's SSH key fingerprints are available from
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.