One shasum to trust them and in known_hosts bind them.
The default behaviour of ssh in debian testing has changed a bit: now it uses ECDSA and shows SHA256 fingerprints by default instead of using RSA and showing MD5 fingerprints.
Of course, most listings of host fingerprints still only show MD5 fingerprints for an RSA key.
This is a way to ask a server for its keys and print their fingerprints, allowing some crosscheck.
I can think of an attack on this: somebody could intercept the communication, send you the right RSA pubkey and their own ECDSA, and then redirect the communication toward their own host.
Relevant links:
http://permalink.gmane.org/gmane.linux.debian.devel.mentors/71789
http://bridge.grumpy-troll.org/2011/01/openssh/
http://www.enricozini.org/2008/tips/ssh-host-key-fingerprint/
(Post title courtesy of @Enrico Zini )
Of course, most listings of host fingerprints still only show MD5 fingerprints for an RSA key.
This is a way to ask a server for its keys and print their fingerprints, allowing some crosscheck.
$ ssh-keyscan -t rsa,ecdsa $SERVER > keys.pub && ssh-keygen -lf keys.pub -E md5
$ # check the results against the published listing
$ ssh-keygen -lf keys.pubI can think of an attack on this: somebody could intercept the communication, send you the right RSA pubkey and their own ECDSA, and then redirect the communication toward their own host.
Relevant links:
http://permalink.gmane.org/gmane.linux.debian.devel.mentors/71789
http://bridge.grumpy-troll.org/2011/01/openssh/
http://www.enricozini.org/2008/tips/ssh-host-key-fingerprint/
(Post title courtesy of @Enrico Zini )
As of ssh 6.8:
- ssh(1), sshd(8): Experimental host key rotation support. Add a
protocol extension for a server to inform a client of all its
available host keys after authentication has completed. The client
may record the keys in known_hosts, allowing it to upgrade to better
host key algorithms and a server to gracefully rotate its keys.
The client side of this is controlled by a UpdateHostkeys config
option (default off).
https://lwn.net/Articles/637156/
Should also work for learning new key types.
interesting, the 2011 article mentioned that not having autolearning of new key was a design choice, but maybe it was just not having autolearning in the old way.