Is the fingerprint existing with no public/private key file ? - SSH



  1. Is the fingerprint existing with no public/private key file ?

    Hello,

    I have installed a SFTP solution with MySecureShell on a Linux server.
    So users don't have active shell and can only use the SFTP protocol.

    When connecting to the server for the first time, the client is asked
    to check for the server fingerprint. But as I don't have private/public
    keys on my server how can I check this fingerprint on my server ?

    Thanks if you can help,

    C. Tobini


  2. Re: Is the fingerprint existing with no public/private key file ?

    ctobini wrote:
    > Hello,
    >
    > I have installed a SFTP solution with MySecureShell on a Linux server.
    > So users don't have active shell and can only use the SFTP protocol.
    >
    > When connecting to the server for the first time, the client is asked
    > to check for the server fingerprint. But as I don't have private/public
    > keys on my server how can I check this fingerprint on my server ?
    >
    > Thanks if you can help,
    >
    > C. Tobini
    >


    Send an email to your users that includes a copy of the fingerprint. If
    it matches what they see when they use sftp for the first time, they can
    just accept it.

    Personally I just accept every fingerprint if it's the first time I'm
    connecting to the server, and I only get concerned if it changes. If it
    does I call the sysadmin on the phone and confirm that it's really been
    changed and that the host hasn't been hijacked.

  3. Re: Is the fingerprint existing with no public/private key file ?

    ctobini wrote:
    > Hello,
    >
    > I have installed a SFTP solution with MySecureShell on a Linux server.
    > So users don't have active shell and can only use the SFTP protocol.
    >
    > When connecting to the server for the first time, the client is asked
    > to check for the server fingerprint. But as I don't have private/public
    > keys on my server how can I check this fingerprint on my server ?
    >
    > Thanks if you can help,
    >
    > C. Tobini
    >


    Yes. The server has a fingerprint regardless of whether public keys are
    being used for authentication. It uniquely identifies the server to the
    client and aids in protecting against someone spoofing the server
    address or hostname.

  4. Re: Is the fingerprint existing with no public/private key file ?

    ctobini wrote:
    > When connecting to the server for the first time, the client is asked
    > to check for the server fingerprint. But as I don't have private/public
    > keys on my server how can I check this fingerprint on my server ?


    The fingerprint is unrelated to users' keys. It's a mechanism for
    the client to confirm that the server is what they expect, to prevent someone
    from masquerading as the real server and tricking the user into giving secret
    data.

    If you want to be sure you're connecting to the right host, you check the
    fingerprint against the one that the admin gave you. Or, FAR more commonly,
    you just accept any fingerprint the first time you connect, your client saves
    this, and checks against it each time you connect in the future.

    If it changes, something fishy may be going on.
    --
    Mark Rafn dagon@dagon.net
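
Added example, not part of any post in this thread: the fingerprint the client displays is a hash of the server's public host key, so an admin can compute it on the server and hand it to users for comparison. The Python below derives both display forms (MD5 hex and SHA256 base64) from a public host key line and checks a client-shown string against them. The sample key is constructed for illustration, the function names are hypothetical, and it assumes the server stores its host key in OpenSSH's one-line `.pub` format.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding of a string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def make_sample_host_key_line() -> str:
    """CONSTRUCTED sample in the format of an ssh_host_ed25519_key.pub file (not a real key)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@sftp.example"


def parse_public_key_line(line: str):
    """Return (key_type, raw_blob); reject lines whose blob does not match the declared type."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type inside blob differs from declared type")
    return key_type, blob


def fingerprints(line: str) -> dict:
    """Both display forms: colon-separated MD5 hex and unpadded base64 SHA-256."""
    _, blob = parse_public_key_line(line)
    md5_hex = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "MD5": "MD5:" + ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2)),
        "SHA256": "SHA256:" + sha256,
    }


def matches(line: str, shown_by_client: str) -> bool:
    """True if the string the client displayed is a fingerprint of this host key."""
    fps = fingerprints(line)
    # Older clients print the MD5 form without the "MD5:" prefix.
    return shown_by_client.strip() in (fps["SHA256"], fps["MD5"], fps["MD5"][4:])


if __name__ == "__main__":
    for name, value in fingerprints(make_sample_host_key_line()).items():
        print(name, value)
```

On a server running OpenSSH, `ssh-keygen -lf` pointed at the host's `.pub` file prints the same fingerprint.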
