6

I've setup a GitLab VM, and have created a project on it. Now I'm trying to connect to it from another machine using my git client (Git for Windows v2.7.1...also tried upgrading to latest version which is 2.15.1, but no change).

On the Windows machine, I try:

git push -u origin --all
The authenticity of host 'localgit.local (10.1.2.3)' can't be established.
ECDSA key fingerprint is SHA256:twmcV7LjBtI9vUsDeFEHeH0lUcBAihWtGye0K9vHCrk.
Are you sure you want to continue connecting (yes/no)? no

I chose "no" because when I went to double check that on the VM, I found a different fingerprint:

ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub
256 7e:e4:4e:7f:47:b0:41:75:2c:45:bd:be:f5:44:77:d7 /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)

Ok, it's in hex format, so I'll just convert that to base64, right?

hex: 7ee44e7f47b041752c45bdbef54477d7
base64: fuROf0ewQXUsRb2+9UR31w==

Well that doesn't match...what if I go the other way and convert that base64 fingerprint to hex and see what it looks like? Turns out I cannot, it is 43 characters, and a base64 string must have a length that is a multiple of 4.

Any ideas on what I'm missing here?

Anssssss
  • 163
  • 1
  • 6
  • Crossdupe https://crypto.stackexchange.com/questions/37019/how-to-verify-a-severs-ecdsa-fingerprint-during-ssh/37036#37036 (mine) and https://superuser.com/questions/421997/what-is-a-ssh-key-fingerprint-and-how-is-it-generated – dave_thompson_085 Dec 20 '17 at 06:26

2 Answers2

1

The octets-separated-by-colons format is an MD5 fingerprint, not a SHA256 fingerprint. You can't directly convert one to the other (well, you kinda could, perhaps, if you reverse the MD5 fingerprint, but that still takes a bit of CPU power).

That ssh-keygen is outputting an MD5 fingerprint suggests that that machine may be running a rather old version of OpenSSH, because the default output format these days is SHA256. You can try passing -E sha256 to ssh-keygen to get it to output a SHA256 hash, in case there's a version that supported SHA256 but defaulted to MD5, and you happen to be running it, but I wouldn't want to say it'll work for sure.

If you can't get your version of ssh-keygen to output SHA256, the other option is to "downgrade" the SSH client to output an MD5 fingerprint on connection. For that, you need to set -o FingerprintHash=md5 on the command line (or FingerprintHash md5 in the SSH config). Exactly how best to do that, given you're running SSH via git, is left as an exercise for the astute reader. <grin>

Sidebar: the reason why the base64 SHA256 hash isn't the "right" number of characters is because a SHA256 hash isn't the "right" number of characters to fit into a base64 string without some trailing = signs. Since the last few characters will "always" be = signs, they just get dropped, which saves a couple of useless characters.

womble
  • 95,029
  • 29
  • 173
  • 228
  • Reversing either hash wouldn't work - even if you had the computing power to do so. The preimage is unlikely to be unique and if you get a different preimage then the other hash would be wrong. A much better way to know if the two hashes match would be for the warning from the ssh client to display both hashes. Not sure if such a feature exist, but in principle it would be an easy feature to implement. – kasperd Dec 20 '17 at 00:01
  • Well, ssh-keygen has no version parameter, doesn't seem to like that -E option either, so I checked and the OpenSSH version I have on that VM is "OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016". I'll try updating things an see if that lets me get a sha256 hash. – Anssssss Dec 20 '17 at 00:06
  • Never mind about upgrading - apparently that's a whole other rabbit hole. I figured out how to get the sha256 hash value on the server side so I can verify it matches what the client sees. You were right, the client isn't padding it with equals signs. `sed "s/.* \(.*\) .*/\1/g" /etc/ssh/ssh_host_ecdsa_key.pub | base64 --decode | openssl dgst -binary -sha256 | openssl base64` produced `twmcV7LjBtI9vUsDeFEHeH0lUcBAihWtGye0K9vHCrk=` – Anssssss Dec 20 '17 at 00:33
  • @kasperd hey, I said "perhaps"! – womble Dec 20 '17 at 00:35
0

I had the same question, so I dug little bit deeper.

On the linux server, you can run

awk '{print $2}' /etc/ssh/ssh_host_ecdsa_key.pub | base64 -d | sha256sum -b | sed 's/ .*$//' | xxd -r -p | base64

to generate the same SHA256+Base64 fingerprint that shows up when your client tries to connect.

Source: https://www.lastbreach.com/blog/ssh-public-key-verification-with-fingerprinthash

HorstKevin
  • 121
  • 5