fingerprint for the ECDSA key

驗證  fingerprint for the ECDSA key

 

ssh-keygen -t  ecdsa  -f ssh_host_ecdsa_key  

 

 

在B上ssh A ，得到A的fingerprint for the ECDSA key ：請問怎么在A上核實fingerprint for the ECDSA key ？ 

怎么驗證其shu 

 

https://serverfault.com/questions/690855/check-the-fingerprint-for-the-ecdsa-key-sent-by-the-remote-host

 

https://en.wikipedia.org/wiki/Public_key_fingerprint

 

在公開密鑰加密中，公開密鑰指紋（下稱：公鑰指紋）是用於標識較長公共密鑰字節的短序列。指紋通過應用加密散列函數到一個公共密鑰來實現。^[1]由於指紋較比生成它們的密鑰短得多，因此可以用來簡化某些密鑰的管理任務。

 

zh.wikipedia.org/wiki/公開密鑰指紋

 

[root@localhost etc]# ssh 47.103.130.122
The authenticity of host '47.103.130.122 (47.103.130.122)' can't be established.
ECDSA key fingerprint is ae:c6:19:06:c6:bd:45:15:8c:e3:f1:72:8b:db:49:9b.
Are you sure you want to continue connecting (yes/no)?


iZuf6e17yluo9vhmc8zpujZ ssh #  for file in *_key.pub; do   ssh-keygen -lf $file; done
1024 SHA256:nQ0XISn0Ttbg4kyCRKJruL9Tzw+ui41+AHKWU2UTn04 root@iZuf6e17yluo9vhmc8zpujZ (DSA)
256 SHA256:8Op4jTz/yItNN4MubGsGRtSJNwPZngkGDgHXpwqxdkI root@iZuf6e17yluo9vhmc8zpujZ (ECDSA)
256 SHA256:JZ4+J2EqjBaJ5BS1VDQDwXgo0575slnlLLxu8W0gePE root@iZuf6e17yluo9vhmc8zpujZ (ED25519)
2048 SHA256:R4y4F0Z/p91m+hRWid6IkU9nMDd6T5vf1/8vei9mNSk root@iZuf6e17yluo9vhmc8zpujZ (RSA)
iZuf6e17yluo9vhmc8zpujZ ssh # pwd
/etc/ssh
iZuf6e17yluo9vhmc8zpujZ ssh #  for file in *_key.pub; do  cat  $file; done
ssh-dss AAAAB3NzaC1kc3MAAACBAO1lKslvEr+NylRDMx4GfGyvT/nm/QM1a1AKl379uThL2WYEh/ywi5zjf5CoFwVCO+F14UnXO3zn/wfUhfZkaOClWRkyojyz2ZA9MGlcLVGHOKlzFtiwE+G03NOdltKcy4MZSdpHzzN/tObPHlvwJDwxFk4taYRQzSgj9uvjtM+ZAAAAFQDrlKl29qlLUuqIrcmBRf+tzsfR7QAAAIEA0WbxRR4rTFri2yWetsYIu/8rD4+buQhF+WR5qmF3baYDx/chqbiqdEr0tjADcc03N+F9m8qOiAbTpYVyxgAT3U1Pflt5VTF46tcxge2PYXJJf7Vq+Zw9EbosCU2bFzlpxb13bkUex6TCoxwUMLZW5MVtoXILyz1VJppldQURxjgAAACAXcN0d6BzMDO5rnsxYnZpBM4nqkBP8QFFip6P6z2OcNhQqrc7DeWuSINhFCwLydhlK05diQqbZ6+xio484rt+Vy07eDrBMoOAPhZWUNW9gCjPF3A6y2RxoNpHwD1ztbQs3B6ieNcCDzUxOyjLZYM0tlnS5Y2Wt1lmXfSD2jbYs2s= root@iZuf6e17yluo9vhmc8zpujZ
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGRxjDJEj56fDlblsLMlCrSQ+Q9gvdupg0XF1RpFqYj38PzJdqzsOz+twPW11nmz4+DraeRpHRdUlaIdWBcLO9Y= root@iZuf6e17yluo9vhmc8zpujZ
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBhxEsC+UA64MQa7o/G1Zg4ggNcmlAo+X0mh4M0i5mk root@iZuf6e17yluo9vhmc8zpujZ
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQCwH+6c6MY7Z4C1Kghebq8IcUw1RbfVZaEwiumOmpPPYDM97KthdoOfc+VTKZiRtVI6Qze/rKDaSWtnSHSX/bFzhRXJQiybNQGZ6x1VhlT07+95Wv6ZsWMc0fviWGKgL4ddkSkWNAdNC5XCN+T4azpFnO8WxXYbHIUmgMWYMdfCsFMNvSfGGxB0WhOff/st8EquWeLwgOs2d1sZTKsjBC7hsOqnzYtLcRsuL8XSsHRieVQ2drxyJqVmSJztqdc4uUv00GbE6h2yK/O/GIY2Gp8y6e6SiYNxjPbiqK/M70U2kcOXsp4hGtqM1xQcRjp5mbTxWvma34Tsrfp8uPr65b root@iZuf6e17yluo9vhmc8zpujZ
iZuf6e17yluo9vhmc8zpujZ ssh #

　　

生成公鑰指紋的概括步驟如下：

1. 公鑰（以及任選的一些額外數據）被編碼成一個字節序列，以確保同一指紋以后在相同情況下可以創建，因此編碼必須是確定的，並且任何附加的數據必須與公共密鑰一同存放。附加數據通常是使用此公共密鑰的人應該知道的信息，如：密鑰持有人的身份（此情況下，X.509信任固定的指紋，且所述附加數據包括一個X.509自簽名證書）^[2]。
2. 在前面步驟中產生的數據被散列加密，如使用SHA-1或SHA-2。
3. 如果需要，散列函數的輸出可以縮短，以提供更方便管理的指紋。

產生的短指紋可用於驗證一個很長的公共密鑰。例如，一個典型RSA公共密鑰的長度會在1024位以上，MD5或SHA-1的指紋卻只有128或160位。

當指紋被顯示時，通常被編碼成十六進制字符串。然后，這些字符串格式化成可讀性字符組。例如，如一個128位的MD5指紋SSH將被顯示為：

 43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8

 

[root@localhost ~]# ssh 47.103.130.122
The authenticity of host '47.103.130.122 (47.103.130.122)' can't be established.
ECDSA key fingerprint is ae:c6:19:06:c6:bd:45:15:8c:e3:f1:72:8b:db:49:9b.
Are you sure you want to continue connecting (yes/no)?


iZuf6e17yluo9vhmc8zpujZ ssh # cd /etc/ssh;for i in `ls *.pub`;do echo $i &&  ssh-keygen -lf $i -E md5;done
ssh_host_dsa_key.pub
1024 MD5:81:cc:5f:85:22:06:86:f7:a1:02:53:14:c3:1f:75:31 root@iZuf6e17yluo9vhmc8zpujZ (DSA)
ssh_host_ecdsa_key.pub
256 MD5:ae:c6:19:06:c6:bd:45:15:8c:e3:f1:72:8b:db:49:9b root@iZuf6e17yluo9vhmc8zpujZ (ECDSA)
ssh_host_ed25519_key.pub
256 MD5:09:57:19:76:45:2e:d6:f4:01:06:7b:9d:2d:6f:da:99 root@iZuf6e17yluo9vhmc8zpujZ (ED25519)
ssh_host_rsa_key.pub
2048 MD5:6b:a7:92:ec:c8:03:24:0a:3f:ce:7e:a3:73:fe:e1:6f root@iZuf6e17yluo9vhmc8zpujZ (RSA)
iZuf6e17yluo9vhmc8zpujZ ssh #