Verifying SSH Keys on LINCOMM
When connecting for the first time to a LINCOMM server, or if you receive a "hijacked" error in your SSH client, it is important to verify the authenticity of the SSH key being used to secure your connection.
Connecting to a LINCOMM server for the first time
Each SSH client will display information a little differently, especially since some will use different key exchanges. Below are shown some common clients, but the best practice is to use the information given by the client in order to lookup the SSH Key Fingerprints below to be sure they match.
IF YOUR SSH KEY FINGERPRINTS DO NOT MATCH WHAT IS BELOW, CANCEL YOUR CONNECTION IMMEDIATELY AND CONTACT ERIC DIECKMAN
SecureCRT
Click View Host Key and verify below.
Mac Terminal or other Linux clients
Putty
Connecting to a LINCOMM server and receiving a "hijacked" message
This can indicate a serious security issue, including something known as a man-in-the-middle attack. It is VERY important to match the fingerprints shown by your SSH client with the SSH Key Fingerprints below. Different SSH clients can show different fingerprints. Some common examples are shown below, but it is best practice to use the information given by the SSH client to match the SSH Key Fingerprints.
IF YOUR SSH KEY FINGERPRINTS DO NOT MATCH WHAT IS BELOW, CANCEL YOUR CONNECTION IMMEDIATELY AND CONTACT ERIC DIECKMAN
SecureCRT
Click View Host Key and verify below. Click Accept & Save ONLY IF FINGERPRINTS MATCH.
Mac Terminal or other Linux clients
Verify the SSH key fingerprints below. ONLY IF THEY MATCH, run the following command:
ssh-keygen -R lincomm<#>.aae.wisc.edu
Putty
Verify the SSH key fingerprints below. ONLY IF THEY MATCH, click Yes
LINCOMM SSH Key and Fingerprints
Public Key
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAABAQDKskFpIU4iXf3PvEj3DYi5VpThvToO4wpg
avy+IRyZhl5k/oBvEEUwma7SQmJggYgpVQOfSUHo5m6YeAXrKO43i/nqcMBCnPFG
NdbNyo6WnSUDwYzYs8m7V8v2TwnSECeU8FfyZFF/g+Gz7PUOYWvFN1qiuHBoozKL
XpmUSzt/PdENmo4tkSMl6Fbm5/pKNnROz3/9a+cz4lKkHgUcNcF7alz+TH6FZv0s
FmxpKW1Oy2PmD0KFnv1GFPrM+70esoE3JqHO1jiIrVY+3IDiWY5xtUXVhS7cM1p8
3nJlpZNTiXSljQBshhOKV2Pdv2QgitLevZRczsz/hMjz/kKg2jpb
---- END SSH2 PUBLIC KEY ----
ECDSA Fingerprints
- MD5:be:8b:19:8d:6a:86:5d:6a:f1:09:f1:59:6f:aa:c9:be
- SHA256:sV68SePE/EVKzFARTP/92XlqLfxMVDouXbIx1vzwWx0
ED25519 Fingerprints
- MD5:69:bd:3c:20:66:57:86:ea:a9:52:db:58:b2:ea:1d:1b
- SHA256:/hBmzZDTe4uxkikM5x67GyiWgA98JwM6qh5ioWzKZFk
RSA Fingerprints
- MD5:ce:c1:f8:2c:8b:7f:dd:5e:42:fb:de:40:74:41:63:5c
- SHA256:XWkk2WwhuRJcRQYHGFJ2SxPDBMQaMwFjdnCk460U06U