fingerprint for the ECDSA key

验证  fingerprint for the ECDSA key

 

ssh-keygen -t  ecdsa  -f ssh_host_ecdsa_key  

 

 

在B上ssh A ,得到A的fingerprint for the ECDSA key :请问怎么在A上核实fingerprint for the ECDSA key ? 

怎么验证其shu 

 

https://serverfault.com/questions/690855/check-the-fingerprint-for-the-ecdsa-key-sent-by-the-remote-host

 

https://en.wikipedia.org/wiki/Public_key_fingerprint

 

公开密钥加密中,公开密钥指纹(下称:公钥指纹)是用于标识较长公共密钥字节的短序列。指纹通过应用加密散列函数到一个公共密钥来实现。[1]由于指纹较比生成它们的密钥短得多,因此可以用来简化某些密钥的管理任务。

 

zh.wikipedia.org/wiki/公开密钥指纹

 

[root@localhost etc]# ssh 47.103.130.122
The authenticity of host '47.103.130.122 (47.103.130.122)' can't be established.
ECDSA key fingerprint is ae:c6:19:06:c6:bd:45:15:8c:e3:f1:72:8b:db:49:9b.
Are you sure you want to continue connecting (yes/no)?


iZuf6e17yluo9vhmc8zpujZ ssh #  for file in *_key.pub; do   ssh-keygen -lf $file; done
1024 SHA256:nQ0XISn0Ttbg4kyCRKJruL9Tzw+ui41+AHKWU2UTn04 root@iZuf6e17yluo9vhmc8zpujZ (DSA)
256 SHA256:8Op4jTz/yItNN4MubGsGRtSJNwPZngkGDgHXpwqxdkI root@iZuf6e17yluo9vhmc8zpujZ (ECDSA)
256 SHA256:JZ4+J2EqjBaJ5BS1VDQDwXgo0575slnlLLxu8W0gePE root@iZuf6e17yluo9vhmc8zpujZ (ED25519)
2048 SHA256:R4y4F0Z/p91m+hRWid6IkU9nMDd6T5vf1/8vei9mNSk root@iZuf6e17yluo9vhmc8zpujZ (RSA)
iZuf6e17yluo9vhmc8zpujZ ssh # pwd
/etc/ssh
iZuf6e17yluo9vhmc8zpujZ ssh #  for file in *_key.pub; do  cat  $file; done
ssh-dss AAAAB3NzaC1kc3MAAACBAO1lKslvEr+NylRDMx4GfGyvT/nm/QM1a1AKl379uThL2WYEh/ywi5zjf5CoFwVCO+F14UnXO3zn/wfUhfZkaOClWRkyojyz2ZA9MGlcLVGHOKlzFtiwE+G03NOdltKcy4MZSdpHzzN/tObPHlvwJDwxFk4taYRQzSgj9uvjtM+ZAAAAFQDrlKl29qlLUuqIrcmBRf+tzsfR7QAAAIEA0WbxRR4rTFri2yWetsYIu/8rD4+buQhF+WR5qmF3baYDx/chqbiqdEr0tjADcc03N+F9m8qOiAbTpYVyxgAT3U1Pflt5VTF46tcxge2PYXJJf7Vq+Zw9EbosCU2bFzlpxb13bkUex6TCoxwUMLZW5MVtoXILyz1VJppldQURxjgAAACAXcN0d6BzMDO5rnsxYnZpBM4nqkBP8QFFip6P6z2OcNhQqrc7DeWuSINhFCwLydhlK05diQqbZ6+xio484rt+Vy07eDrBMoOAPhZWUNW9gCjPF3A6y2RxoNpHwD1ztbQs3B6ieNcCDzUxOyjLZYM0tlnS5Y2Wt1lmXfSD2jbYs2s= root@iZuf6e17yluo9vhmc8zpujZ
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGRxjDJEj56fDlblsLMlCrSQ+Q9gvdupg0XF1RpFqYj38PzJdqzsOz+twPW11nmz4+DraeRpHRdUlaIdWBcLO9Y= root@iZuf6e17yluo9vhmc8zpujZ
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBhxEsC+UA64MQa7o/G1Zg4ggNcmlAo+X0mh4M0i5mk root@iZuf6e17yluo9vhmc8zpujZ
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQCwH+6c6MY7Z4C1Kghebq8IcUw1RbfVZaEwiumOmpPPYDM97KthdoOfc+VTKZiRtVI6Qze/rKDaSWtnSHSX/bFzhRXJQiybNQGZ6x1VhlT07+95Wv6ZsWMc0fviWGKgL4ddkSkWNAdNC5XCN+T4azpFnO8WxXYbHIUmgMWYMdfCsFMNvSfGGxB0WhOff/st8EquWeLwgOs2d1sZTKsjBC7hsOqnzYtLcRsuL8XSsHRieVQ2drxyJqVmSJztqdc4uUv00GbE6h2yK/O/GIY2Gp8y6e6SiYNxjPbiqK/M70U2kcOXsp4hGtqM1xQcRjp5mbTxWvma34Tsrfp8uPr65b root@iZuf6e17yluo9vhmc8zpujZ
iZuf6e17yluo9vhmc8zpujZ ssh #

  

生成公钥指纹的概括步骤如下:

  1. 公钥(以及任选的一些额外数据)被编码成一个字节序列,以确保同一指纹以后在相同情况下可以创建,因此编码必须是确定的,并且任何附加的数据必须与公共密钥一同存放。附加数据通常是使用此公共密钥的人应该知道的信息,如:密钥持有人的身份(此情况下,X.509信任固定的指纹,且所述附加数据包括一个X.509自签名证书[2]
  2. 在前面步骤中产生的数据被散列加密,如使用SHA-1SHA-2
  3. 如果需要,散列函数的输出可以缩短,以提供更方便管理的指纹。

产生的短指纹可用于验证一个很长的公共密钥。例如,一个典型RSA公共密钥的长度会在1024位以上,MD5或SHA-1的指纹却只有128或160位。

当指纹被显示时,通常被编码成十六进制字符串。然后,这些字符串格式化成可读性字符组。例如,如一个128位的MD5指纹SSH将被显示为:

 43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8

 

[root@localhost ~]# ssh 47.103.130.122
The authenticity of host '47.103.130.122 (47.103.130.122)' can't be established.
ECDSA key fingerprint is ae:c6:19:06:c6:bd:45:15:8c:e3:f1:72:8b:db:49:9b.
Are you sure you want to continue connecting (yes/no)?


iZuf6e17yluo9vhmc8zpujZ ssh # cd /etc/ssh;for i in `ls *.pub`;do echo $i &&  ssh-keygen -lf $i -E md5;done
ssh_host_dsa_key.pub
1024 MD5:81:cc:5f:85:22:06:86:f7:a1:02:53:14:c3:1f:75:31 root@iZuf6e17yluo9vhmc8zpujZ (DSA)
ssh_host_ecdsa_key.pub
256 MD5:ae:c6:19:06:c6:bd:45:15:8c:e3:f1:72:8b:db:49:9b root@iZuf6e17yluo9vhmc8zpujZ (ECDSA)
ssh_host_ed25519_key.pub
256 MD5:09:57:19:76:45:2e:d6:f4:01:06:7b:9d:2d:6f:da:99 root@iZuf6e17yluo9vhmc8zpujZ (ED25519)
ssh_host_rsa_key.pub
2048 MD5:6b:a7:92:ec:c8:03:24:0a:3f:ce:7e:a3:73:fe:e1:6f root@iZuf6e17yluo9vhmc8zpujZ (RSA)
iZuf6e17yluo9vhmc8zpujZ ssh #

  

 

posted @ 2019-08-20 20:59  papering  阅读(5276)  评论(0编辑  收藏  举报