从服务器获取指纹
Get fingerprints from a server
如果我只有服务器的 IP 地址并且服务器未在我的 ~/.ssh/known_hosts 文件中列出,我如何从服务器获取 SSH 指纹?
我想看看一些主机密钥。这是我在 Ruby:
中尝试过的
net_ssh_session =
Net::SSH::Transport::Session.new(
target, :port => port, :timeout => timeout, :paranoid => Net::SSH::Verifiers::Null.new)
host_keys = net_ssh_session.host_keys
如果服务器未在我的 ~/.ssh/known_hosts 中列出,我无法获得任何主机密钥。
有 ssh-keyscan,但请注意,不能保证您将从该工具获得的密钥确实是服务器的主机密钥(可能存在中间人攻击,并且您可能正在连接到完全不同的服务器)。
您应该使用安全通道、管理员或使用 remote/local 控制台直接从服务器获取主机密钥。
引用我文章的重要部分Where do I get SSH host key fingerprint to authorize the server?
You should get an SSH host key fingerprint along with your credentials from a server administrator. Knowing the host key fingerprint and thus being able to verify it is an integral part of securing an SSH connection. It prevents man-in-the-middle attacks.
In the real world, most administrators do not provide the host key fingerprint.
Instead you can ask anyone else who has a physical access to the server or who already knows the host key. The host key is only one and hence the same for all users. Also note that the host key fingerprint is generated from a public key part of the host key only. So it is not secret and can be safely sent over an unencrypted (yet trusted) communication channels.
If you do not have anyone else to obtain the fingerprint from, you may need to connect to the server without knowing the fingerprint. Before connecting for the first time, ensure a security of your local machine and a line to the server. For example if you plan to connect to the server from an external site (e.g. from home or a client), but you have a physical access to the server site, connect from the server site the first time (e.g. your workplace).
如果我只有服务器的 IP 地址并且服务器未在我的 ~/.ssh/known_hosts 文件中列出,我如何从服务器获取 SSH 指纹?
我想看看一些主机密钥。这是我在 Ruby:
中尝试过的net_ssh_session =
Net::SSH::Transport::Session.new(
target, :port => port, :timeout => timeout, :paranoid => Net::SSH::Verifiers::Null.new)
host_keys = net_ssh_session.host_keys
如果服务器未在我的 ~/.ssh/known_hosts 中列出,我无法获得任何主机密钥。
有 ssh-keyscan,但请注意,不能保证您将从该工具获得的密钥确实是服务器的主机密钥(可能存在中间人攻击,并且您可能正在连接到完全不同的服务器)。
您应该使用安全通道、管理员或使用 remote/local 控制台直接从服务器获取主机密钥。
引用我文章的重要部分Where do I get SSH host key fingerprint to authorize the server?
You should get an SSH host key fingerprint along with your credentials from a server administrator. Knowing the host key fingerprint and thus being able to verify it is an integral part of securing an SSH connection. It prevents man-in-the-middle attacks.
In the real world, most administrators do not provide the host key fingerprint.
Instead you can ask anyone else who has a physical access to the server or who already knows the host key. The host key is only one and hence the same for all users. Also note that the host key fingerprint is generated from a public key part of the host key only. So it is not secret and can be safely sent over an unencrypted (yet trusted) communication channels.
If you do not have anyone else to obtain the fingerprint from, you may need to connect to the server without knowing the fingerprint. Before connecting for the first time, ensure a security of your local machine and a line to the server. For example if you plan to connect to the server from an external site (e.g. from home or a client), but you have a physical access to the server site, connect from the server site the first time (e.g. your workplace).