SSH host key fingerprint - through Terminal ssh-keyscan -p 22 domain.com > /tmp/rsa && ssh-keygen -lf /tmp/rsa
Cheers! 2014-09-02 13:40 GMT+02:00 John Leo <john...@checkssh.com>: > "source code" > It's here: > https://checkssh.com/result/indexdotphp.txt > Extremely short and easy to read. > > "trust the service operators" > Hey, trust your own eyes. :-) Feel free to audit/use our code. > > "a better solution is to use Monkeysphere" > Professional "certificate authority" vs "OpenPGP web of trust" > Personally I feel more comfortable with CA. > > Best Wishes, > > > On 2014-9-2 02:48, maxigas wrote: > >> From: John Leo <john...@checkssh.com> >> Subject: [FD] SSH host key fingerprint - through HTTPS >> Date: Mon, 01 Sep 2014 12:41:17 +0800 >> >> This tool displays SSH host key fingerprint - through HTTPS. >>> >>> SSH is about security; host key matters a lot here; and you can know >>> for sure by using this tool. It means you know precisely how to answer >>> this question: >>> The authenticity of host 'blah.blah.blah (10.10.10.10)' can't be >>> established. >>> RSA key fingerprint is >>> a4:d9:a4:d9:a4:d9a4:d9:a4:d9a4:d9a4:d9a4:d9a4:d9a4:d9. >>> Are you sure you want to continue connecting (yes/no)? >>> >>> https://checkssh.com/ >>> >>> We hackers don't want to get hacked. :-) SSH rocks - when host key is >>> right. Enjoy! >>> >> >> Excellent point and thanks for the tool! Indeed, fingerprint >> verification is the absolute weak point of SSH. Here the problem >> is that you have to trust the service operators when you use >> checkssh or set up your own. Is the source code available >> somewhere? >> >> Also, a better solution is to use Monkeysphere which uses the >> public key infrastructure of PGP. It can not just check your SSH >> fingerprints automatically but do a whole lot of other things: >> >> http://web.monkeysphere.info/ >> >> -- >> maxigas, kiberpunk >> FA00 8129 13E9 2617 C614 0901 7879 63BC 287E D166 >> http://research.metatron.ai/ >> >> People the switches! >> >> >> >> >> >> > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
