version=pmwiki-2.2.130 ordered=1 urlencoded=1 agent=w3m/0.5.3+git20210102 author=jrmu charset=UTF-8 csum= ctime=1628590051 host=38.87.162.8 name=OpenSSH.Connect rev=4 targets=Ssh.Fingerprints,Ircnow.SSHFingerprints,MITM.Intro text=(:title Connect with OpenSSH:)%0a%0a!! How to Connect%0a%0a[@%0a$ ssh username@example.com%0a@]%0a%0aReplace @@username@@ and @@example.com@@.%0a%0aWhen you first connect, OpenSSH will ask if you trust the server's fingerprints:%0a%0a[@%0aThe authenticity of host 'example.com (10.0.0.1)' can't be established.%0aED25519 key fingerprint is SHA256:ofE4jf8n0C+ULqWp4stgCK4+CmFiLl/ysc50azIEkVI.%0aThis key is not known by any other names%0aAre you sure you want to continue connecting (yes/no/[fingerprint])? %0a@]%0a%0aMake sure to first connect using another method to [[ssh/fingerprints|record the ssh fingerprints]]. Or, if you are connecting to IRCNow's servers, check the list of [[ircnow/SSHFingerprints|published fingerprints]].%0a%0a'''WARNING''': If the fingerprints do not match, do '''not''' connect! Make sure to alert your sysadmin; sshd may be configured incorrectly, or even worse, there may be a [[MITM/intro|Man-In-The-Middle Attack]].%0a%0a!! Check SSH Fingerprints%0a%0aServerse can put their SSH fingerprints in DNS using SSHFP records:%0a%0a[@%0a$ ssh -o "VerifyHostKeyDNS ask" username@example.com%0aThe authenticity of host 'example.com (10.0.0.1)' can't be established.%0aED25519 key fingerprint is SHA256:ofE4jf8n0C+ULqWp4stgCK4+CmFiLl/ysc50azIEkVI.%0aMatching host key fingerprint found in DNS.%0aThis key is not known by any other names%0aAre you sure you want to continue connecting (yes/no/[fingerprint])?%0a@]%0a%0aReplace @@username@@ and @@example.com@@.%0a%0aIf SSHFP is set correctly, you should see this line:%0a%0a[@%0aMatching host key fingerprint found in DNS.%0a@]%0a%0aDNSSEC should be enabled for better security.%0a%0aIf the host key fingerprint does not match, you might want to reconsider connecting.%0a time=1628590752 title=Connect with OpenSSH author:1628590752=jrmu diff:1628590752:1628590551:=22,23d21%0a%3c '''WARNING''': If the fingerprints do not match, do '''not''' connect! Make sure to alert your sysadmin; sshd may be configured incorrectly, or even worse, there may be a [[MITM/intro|Man-In-The-Middle Attack]].%0a%3c %0a36,37d33%0a%3c %0a%3c Replace @@username@@ and @@example.com@@.%0a host:1628590752=38.87.162.8 author:1628590551=jrmu diff:1628590551:1628590418:=20c20%0a%3c Make sure to first connect using another method to [[ssh/fingerprints|record the ssh fingerprints]]. Or, if you are connecting to IRCNow's servers, check the list of [[ircnow/SSHFingerprints|published fingerprints]].%0a---%0a> Make sure to check the fingerprints [[match known fingerprints]]%0a host:1628590551=38.87.162.8 author:1628590418=jrmu diff:1628590418:1628590051:=1,4c1,2%0a%3c (:title Connect with OpenSSH:)%0a%3c %0a%3c !! How to Connect%0a%3c %0a---%0a> !! Connect%0a> %0a10,20d7%0a%3c %0a%3c When you first connect, OpenSSH will ask if you trust the server's fingerprints:%0a%3c %0a%3c [@%0a%3c The authenticity of host 'example.com (10.0.0.1)' can't be established.%0a%3c ED25519 key fingerprint is SHA256:ofE4jf8n0C+ULqWp4stgCK4+CmFiLl/ysc50azIEkVI.%0a%3c This key is not known by any other names%0a%3c Are you sure you want to continue connecting (yes/no/[fingerprint])? %0a%3c @]%0a%3c %0a%3c Make sure to check the fingerprints [[match known fingerprints]]%0a host:1628590418=38.87.162.8 author:1628590051=jrmu diff:1628590051:1628590051:=1,30d0%0a%3c !! Connect%0a%3c %0a%3c [@%0a%3c $ ssh username@example.com%0a%3c @]%0a%3c %0a%3c Replace @@username@@ and @@example.com@@.%0a%3c %0a%3c !! Check SSH Fingerprints%0a%3c %0a%3c Serverse can put their SSH fingerprints in DNS using SSHFP records:%0a%3c %0a%3c [@%0a%3c $ ssh -o "VerifyHostKeyDNS ask" username@example.com%0a%3c The authenticity of host 'example.com (10.0.0.1)' can't be established.%0a%3c ED25519 key fingerprint is SHA256:ofE4jf8n0C+ULqWp4stgCK4+CmFiLl/ysc50azIEkVI.%0a%3c Matching host key fingerprint found in DNS.%0a%3c This key is not known by any other names%0a%3c Are you sure you want to continue connecting (yes/no/[fingerprint])?%0a%3c @]%0a%3c %0a%3c If SSHFP is set correctly, you should see this line:%0a%3c %0a%3c [@%0a%3c Matching host key fingerprint found in DNS.%0a%3c @]%0a%3c %0a%3c DNSSEC should be enabled for better security.%0a%3c %0a%3c If the host key fingerprint does not match, you might want to reconsider connecting.%0a host:1628590051=38.87.162.8