St. Louis UNIX Users Group
Your forum for exchanging information about open standards, open systems, open source, products, services and architectures

The first time a client makes a connection to a server, SSH is vulnerable to spoofing, as it does not have a record of the other system's key. In this situation, SSH will prompt the user before continuing with the connection and will display the "fingerprint" of the remote system's key, to give the user a chance to make a manual comparison. If the fingerprint from the connection matches the fingerprint that is known to be good, go ahead and allow the connection to continue. If not, terminate the connection immediately. If the fingerprint is accepted, the server's key will be stored locally by the client and the question will normally not be asked again.

An example of an SSH connection to a machine never contacted before:
The authenticity of host 'michelob (' can't be established.
DSA key fingerprint is 7d:a6:9e:39:19:aa:36:89:78:a1:31:4e:74:4a:4f:23.
Are you sure you want to continue connecting (yes/no)?

If the fingerprint from the connection doesn't match the fingerprint that is known to be good, there is a chance that a "man-in-the-middle" attack is being attempted. Of course, there is a greater chance that this web page is out of date due to some future change in SLUUG servers. The key that is used, and thus the fingerprint, will depend on the SSH protocol that is used.

Host      IP Address  Protocol  Key Fingerprint
michelob              SSH1/RSA  22:c0:28:88:a9:4a:fd:d4:0d:3d:42:c1:35:07:67:fc
michelob              SSH2/DSA  7d:a6:9e:39:19:aa:36:89:78:a1:31:4e:74:4a:4f:23
michelob              SSH2/RSA  N/A
bud                   SSH1/RSA  N/A
bud                   SSH2/DSA  f9:f2:4a:40:47:ae:85:19:06:cf:0e:f1:73:7b:a6:88 (Changed 06/13/08)
bud                   SSH2/RSA  f8:45:c5:6e:12:9f:d7:2d:19:5f:c5:5c:93:6e:13:de (Changed 05/17/08)
budlight              SSH1/RSA  N/A
budlight              SSH2/DSA  64:46:85:b4:b5:3b:6c:1a:54:28:d8:02:08:9a:54:97 (Changed 05/31/08)
budlight              SSH2/RSA  fb:4a:06:e0:77:56:de:f7:4c:23:01:5d:c6:22:0e:b1 (Changed 05/31/08)
webdev                SSH1/RSA  38:e4:91:19:67:63:79:d7:ca:ed:9a:53:01:d6:66:b2
webdev                SSH2/DSA  d7:29:fe:77:49:04:d5:d5:bc:3a:dc:9c:30:f2:e3:b1
webdev                SSH2/RSA  4d:4c:2d:20:b0:5a:a5:6d:7a:bd:58:c2:3a:f4:d1:dc

All keys are 1024 bits in length.

Many systems have alternate domain names, such as,, or If you use one of the alternate names for a system, you might need to match up the fingerprint by IP address instead of name.

Even though a server is listed here, that doesn't mean it is available for your use. Systems might be only for testing, administration, or other activities not for the general user.
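
The manual comparison described above can also be scripted. The following is an added example, not part of the original page: it computes the MD5 fingerprint of each key in ssh-keyscan/known_hosts-style text and checks it against fingerprints copied from the table. The names PINNED, SAMPLE_SCAN, md5_fingerprint and check_scan are assumptions, and the sample key blob is constructed, not a real key.

```python
import base64
import hashlib

# (host, key type) -> MD5 fingerprint, copied from the table on this page.
# SSH2/DSA keys are type "ssh-dss", SSH2/RSA keys are "ssh-rsa".
PINNED = {
    ("michelob", "ssh-dss"): "7d:a6:9e:39:19:aa:36:89:78:a1:31:4e:74:4a:4f:23",
    ("bud", "ssh-dss"): "f9:f2:4a:40:47:ae:85:19:06:cf:0e:f1:73:7b:a6:88",
    ("bud", "ssh-rsa"): "f8:45:c5:6e:12:9f:d7:2d:19:5f:c5:5c:93:6e:13:de",
}

# Constructed sample in "host keytype base64-blob" form (the layout of
# ssh-keyscan output and known_hosts lines). The blob is NOT a real key.
FAKE_BLOB = base64.b64encode(b"\x00\x00\x00\x07ssh-dss" + b"constructed").decode()
SAMPLE_SCAN = "# constructed sample\nmichelob ssh-dss " + FAKE_BLOB + "\n"


def md5_fingerprint(b64_blob):
    """Colon-separated MD5 fingerprint of a base64 public key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.md5(raw, usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_scan(scan_text, pinned=PINNED):
    """Return (host, keytype, fingerprint, verdict) for every key line."""
    results = []
    for line in scan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        names, keytype, blob = fields[:3]
        try:
            fp = md5_fingerprint(blob)
        except ValueError:  # bad base64: report it, never treat as a match
            fp = None
        for host in names.split(","):  # one line may list several names
            want = pinned.get((host, keytype))
            if fp is None:
                verdict = "UNPARSEABLE"
            elif want is None:
                verdict = "UNLISTED"  # nothing published to compare against
            else:
                verdict = "MATCH" if fp == want.lower() else "MISMATCH"
            results.append((host, keytype, fp, verdict))
    return results


if __name__ == "__main__":
    for row in check_scan(SAMPLE_SCAN):
        print(*row)
```

Current OpenSSH clients display SHA256 fingerprints by default; `ssh-keygen -l -E md5 -f <file>` or `ssh -o FingerprintHash=md5` prints the colon-separated MD5 form used in the table.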

Copyright © St. Louis UNIX Users Group 2003-2018