Tectia

Resolving Hashed Host Keys

Tectia Client includes a tool to resolve which hashed host key belongs to which server. As there can be several server host keys stored on the client-side host, and the file name does not show the server name in, it is sometimes necessary to check if a certain server public key is stored on the client host.

In Tectia Connections Configuration GUI, the tool is available on the Host Keys page. See Managing Host Keys.

On the command line, the command syntax is:

ssh-keygen-g3 -F <servername>@<port>

For example:

ssh-keygen-g3 -F server1@222

The tool shows the location and the fingerprint of the requested server's public key or keys (the fingerprint in the SSH babble format). For example:

Fingerprints for key 'server1#222':
  (from location
   /etc/ssh/ssh_known_hosts:1 ("server1 ssh-dss AAAAB3...")
   (publickey-knownhosts))
xical-dohoz-fafur-ciper-vucam-munod-rykic-nabiv-nigag-fatif-pixex
  (from location
   /home/user44/.ssh/known_hosts:2 ("|1|84+eB1qwbSSvSe0GY...")
   (publickey-knownhosts))
xuvob-vodyt-dilib-koryc-cadek-ryfuv-mufut-bupyb-resuz-fadyz-taxox

The port definition is optional in the command. If no port is given, the default Secure Shell port 22 is assumed. For example:

ssh-keygen-g3 -F server2
Fingerprint for key 'server2':
  (from location
   /home/user44/.ssh2/hostkeys/keys_bf53882dc47bb767edf161a4f636917f8358d635
   (publickey-file))
xuvin-zitil-ducid-gevil-vysok-buviz-nynun-pinat-tylev-gusez-dyxix

If no keys are found for the given server, the ssh-keygen-g3 -F command will report where it looked for the keys, and will conclude as follows:

/ No keys found from any key directories or known_hosts files.