SSH Tectia

Resolving Hashed Host Keys

SSH Tectia ConnectSecure includes a tool to resolve which hashed host key belongs to which server. As there can be several server host keys stored on the client-side host, and the file name does not show the server name in, it is somethimes necessary to check if a certain server public key is stored on the client host.

The command syntax is:

ssh-keygen-g3 -F <servername>@<port>

For example:

ssh-keygen-g3 -F server1@222

The tool shows the location and the fingerprint of the requested server's public key or keys (the fingerprint in the SSH babble format). For example:

Fingerprints for key 'server1#222':
  (from location
   /etc/ssh/ssh_known_hosts:1 ("server1 ssh-dss AAAAB3...")
   (publickey-knownhosts))
xical-dohoz-fafur-ciper-vucam-munod-rykic-nabiv-nigag-fatif-pixex
  (from location
   /home/user44/.ssh/known_hosts:2 ("|1|84+eB1qwbSSvSe0GY...")
   (publickey-knownhosts))
xuvob-vodyt-dilib-koryc-cadek-ryfuv-mufut-bupyb-resuz-fadyz-taxox

The port definition is optional in the command. If no port is given, the default Secure Shell port 22 is assumed. For example:

ssh-keygen-g3 -F server2
Fingerprint for key 'server2':
  (from location
   /home/user44/.ssh2/hostkeys/keys_bf53882dc47bb767edf161a4f636917f8358d635
   (publickey-file))
xuvin-zitil-ducid-gevil-vysok-buviz-nynun-pinat-tylev-gusez-dyxix

If no keys are found for the given server, the ssh-keygen-g3 -F command will report where it looked for the keys, and will conclude as follows:

/ No keys found from any key directories or known_hosts files.