Questions tagged [ssh-host-key]

The SSH host key is an identifier of an SSH / SFTP server.

The SSH host key is a fingerprint to prove the identity of the SSH / SFTP server you are connecting to.

53 questions
3 votes, 1 answer

Is getting server host key with ssh-keyscan secure?

I am trying to establish SSH connection to a server through a program. As a pre-requisite to be able to do so, I am getting the publicly available server host key using ssh-keyscan and adding it to my known_hosts file. I don't have the…
c_anirudh
3 votes, 1 answer

ssh -Q key not listing all key types?

I am having some problems with understanding which types of host keys my SSH daemon actually provides or supports (stock debian buster, sshd 7.9.p1). From the manual (man sshd_config): HostKeyAlgorithms Specifies the host key algorithms…
Binarus
3 votes, 2 answers

Is running an SSH tunnel from my Web App Server to my Database server safe security-wise?

I have a web app hosted in Digital Ocean and use Laravel Forge to keep a daemon running an SSH tunnel to another server (i.e. ssh -L XXX:127.0.0.1:XXX -p XXXX root@[ipaddress]). I do this in order to stay connected to a remote DB in that server. Is…
Jk33
3 votes, 2 answers

How do I know a new host key is safe to accept?

I am frequently rebuilding servers for staging and development. I connect to them with SSH for provisioning. In the process, I'll destroy a VM, rebuild it, and provision it all over again with the new scripting. One small issue I have is that my…
shanemgrey
2 votes, 0 answers

What are the exact steps made to establish a ssh connection?

From what I've read, I was able to deduce a number of steps but I am not sure if they cover all action or if they are 100% correct. Initial setup for client Enables ssh service Initial setup for server Installs a ssh-server, that will provide a…
2 votes, 2 answers

How can I trust a server's public host key when I first login remotely?

As I understand it, a host sends its public host key to the client to confirm it's the host the client intended to connect to. On initial login the host's public host key is added to the client's ~/.ssh/known_hosts file or can pre-populated using…
tech-otaku
2 votes, 3 answers

SSH login without password

I'm currently trying to get basic shell to an educational Linux machine. I'm not an expert when it comes to ssh authentication and keys. I have done only basic ssh setup in the past and I have messed a little bit the public and private keys. My…
GeorgeK
2 votes, 1 answer

Is an SSH key required for SFTP?

Since SFTP stands for SSH + FTP, I assume I always should create an SSH key pair for it; however, I see in my client configuration that that is optional. That is applicable for both server-side and client-side SSH key pair.
Jamo
2 votes, 0 answers

computing the exchange hash for ecdsa-sha2-nistp256

I am writing code for an SSH server and can not get past the Elliptic Curve Diffie-Hellman Key Exchange Reply part of the connection. The client also closes the connection and says "Host Key does not match the signature supplied". I am using putty…
2 votes, 1 answer

SSH to IP instead of to fully qualified hostname: does this reduce MITM risk?

I am applying configuration management to a VPS hosted by a VPS hosting company. Changing the hosting company is not an option, unfortunately. This VPS has the following properties: when newly-imaged or re-imaged, it generates a new, random, SSH…
sampablokuper
2 votes, 1 answer

Are the keys generated by ssh-keygen only used in authentication?

After reading SSH Passwordless Login Using SSH Keygen in 5 Easy Steps, I come across the question: Are the keys generated by ssh-keygen only used in login authentication? I mean if I want to modify ssh-keygen to support a new public-key cryptography…
Nan Xiao
2 votes, 3 answers

Would it be okay to check only a part of a hash value

Practically, the hash value of a server host key can be (relatively) long and thoroughly comparing it with the record again and again can be annoying. For example, for a given md5 hash value: 43:89:1b:62:fa:5c:86:cf:57:fd:2d:e2:a1:12:9e:d1 What if I…
user129187
2 votes, 1 answer

ssh-keygen: sshd host key setup

When setting up an sshd daemon and generating a host key with ssh-keygen -A what options are best practice to add? How do I remove keys which may have already been auto-generated with sub-optimal options?
Tom Hale
1 vote, 1 answer

ssh server encrypted key vs password login

In an openssh-server login to a GNU/Linux machine to use a private ssh key encrypted with an N-characters passphrase, then sshd_config: PasswordAuthentication no PubkeyAuthentication yes is it equivalent to use a login with a password that is…
stefcud
1 vote, 1 answer

SSH to github.com only adds RSA keys - excludes ed25519 host keys

I am doing some tests around ssh. From what I have seen a server usually has multiple host keys. When a client tries to connect, it tries to negotiate which key types to use DSA, RSA, ECDSA, etc. But on key signature confirmation by the user, those…