As a network administrator I know that there are SSH fingerprints. And of course I know that I must verify the fingerprints for every new connection. ;) But I did not know that there are so many different kinds of fingerprints: MD5- or SHA-hashed, represented in base64 or hex, and of course one set for each public key type such as RSA, DSA, ECDSA, and Ed25519. Uh, a bit too complicated at first glance. Hence I drew a picture.
Different Fingerprints
Fingerprints exist for all four SSH key types {rsa|dsa|ecdsa|ed25519}. The raw (decoded) key is hashed with either {md5|sha-1|sha-256} and printed in format {hex|base64}, with or without colons. The public key files, on the other hand, contain the key itself in base64 representation. At a glance:
Playing around with Hashes
With some basic Linux tools you can generate the fingerprints in all flavors. Let’s consider only the ECDSA public key for the following examples. You’ll find it in /etc/ssh/ and it looks like the following; the second field is the base64 representation of the key:
```
weberjoh@nb15-lx:/etc/ssh$ cat ssh_host_ecdsa_key.pub
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFQJJXTF6gqiB2XQQ5sWT6TTZLBvvebaGu5cdo5Ecu5cJuzwwAakSmtpX/fakRfYUR1XGfWntotsa7HkhoDSvyw= root@jw-nb15-lx
```
Displaying the decoded key in raw (binary) format does not make much sense since it is not printable. You can try it yourself with:
```
awk '{print $2}' ssh_host_ecdsa_key.pub | base64 -d
```
With ssh-keygen you can print the fingerprint (-l) of an input file (-f) and choose the fingerprint hash type (-E). Note that MD5 fingerprints are presented as colon-separated hex, while SHA-1 and SHA-256 fingerprints are presented in base64 (without the trailing padding):
```
weberjoh@nb15-lx:/etc/ssh$ ssh-keygen -l -f ssh_host_ecdsa_key.pub -E md5
256 MD5:4b:6d:37:18:f8:2d:48:b3:30:bc:d0:7e:b9:1a:28:b3 root@jw-nb15-lx (ECDSA)
weberjoh@nb15-lx:/etc/ssh$ ssh-keygen -l -f ssh_host_ecdsa_key.pub -E sha1
256 SHA1:n2qop+oZXFWzeY7lPw1B+6YJpOw root@jw-nb15-lx (ECDSA)
weberjoh@nb15-lx:/etc/ssh$ ssh-keygen -l -f ssh_host_ecdsa_key.pub -E sha256
256 SHA256:Y51GrS3K8r38vdloB8MV8gO7Yk8PViFATY5xYQzc6oU root@jw-nb15-lx (ECDSA)
```
Now with some standard Linux tools you can hash the decoded key with MD5, SHA-1, and SHA-256 yourself. Note that all outputs are hex, hence the first one (MD5, starting with 4b6d) is exactly the same as the one from ssh-keygen, while the two SHA ones differ from ssh-keygen only in their representation:
```
weberjoh@nb15-lx:/etc/ssh$ awk '{print $2}' ssh_host_ecdsa_key.pub | base64 -d | md5sum
4b6d3718f82d48b330bcd07eb91a28b3  -
weberjoh@nb15-lx:/etc/ssh$ awk '{print $2}' ssh_host_ecdsa_key.pub | base64 -d | sha1sum
9f6aa8a7ea195c55b3798ee53f0d41fba609a4ec  -
weberjoh@nb15-lx:/etc/ssh$ awk '{print $2}' ssh_host_ecdsa_key.pub | base64 -d | sha256sum
639d46ad2dcaf2bdfcbdd96807c315f203bb624f0f5621404d8e71610cdcea85  -
```
To reproduce the base64 output of ssh-keygen for the SHA hashes you must convert the hex output back to binary (xxd -r -p) and then encode that binary digest as base64. (Otherwise you would base64-encode the hex string rather than the hash output itself.) Hence the following two outputs are exactly the same as the ones from ssh-keygen, apart from the trailing "=" padding that ssh-keygen strips. I did not use the base64 encoding for the MD5 hash because this is not used anywhere.
```
weberjoh@nb15-lx:/etc/ssh$ awk '{print $2}' ssh_host_ecdsa_key.pub | base64 -d | sha1sum | xxd -r -p | base64
n2qop+oZXFWzeY7lPw1B+6YJpOw=
weberjoh@nb15-lx:/etc/ssh$ awk '{print $2}' ssh_host_ecdsa_key.pub | base64 -d | sha256sum | xxd -r -p | base64
Y51GrS3K8r38vdloB8MV8gO7Yk8PViFATY5xYQzc6oU=
```
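The same pipeline in one place, as an added example (my own code, not part of the original post and not OpenSSH’s): it takes the ECDSA public key line quoted above, decodes the base64 field to the raw key blob, splits the blob into its length-prefixed SSH "string" fields (which is why the raw bytes are not printable: they are a wire-format structure, not text), and produces every fingerprint flavor in exactly the way ssh-keygen and the coreutils hashers print them. A small matcher at the end accepts a fingerprint in any of these notations, with or without the hash-type prefix or colons, so a value you were given out of band can be checked against the key regardless of which notation the other side used. The function and variable names are my own choices.

```python
import base64
import hashlib
import struct

# The ECDSA host key line quoted in the post (/etc/ssh/ssh_host_ecdsa_key.pub).
PUBKEY_LINE = (
    "ecdsa-sha2-nistp256 "
    "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFQJJXTF6gqiB2XQQ5"
    "sWT6TTZLBvvebaGu5cdo5Ecu5cJuzwwAakSmtpX/fakRfYUR1XGfWntotsa7HkhoDSvyw= "
    "root@jw-nb15-lx"
)


def key_blob(pubkey_line):
    """Return (key type, raw key bytes) for one line of an OpenSSH .pub file.

    The second whitespace-separated field is the base64 key blob; the
    fingerprint is the hash of the DECODED blob, never of the base64 text.
    """
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<keytype> <base64-blob> [comment]'")
    return fields[0], base64.b64decode(fields[1], validate=True)


def parse_ssh_strings(blob):
    """Split a key blob into its RFC 4251 'string' fields (uint32 big-endian
    length followed by that many bytes). For an ECDSA key that yields
    [key type name, curve name, uncompressed EC point]."""
    parts, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("truncated string field")
        parts.append(blob[off:off + n])
        off += n
    return parts


def check_key_type(pubkey_line):
    """The type field in front of the blob must equal the first string inside
    the blob; a mismatch means the line was edited or mis-pasted."""
    keytype, blob = key_blob(pubkey_line)
    return parse_ssh_strings(blob)[0].decode("ascii") == keytype


def _b64_nopad(digest):
    # ssh-keygen prints base64 fingerprints without the trailing '=' padding.
    return base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprints(blob):
    """Every fingerprint flavour of one key blob: plain hex as md5sum/sha*sum
    print it, plus the notations ssh-keygen -l -E {md5,sha1,sha256} uses."""
    md5 = hashlib.md5(blob).digest()
    sha1 = hashlib.sha1(blob).digest()
    sha256 = hashlib.sha256(blob).digest()
    return {
        "MD5-hex": md5.hex(),
        "MD5-colon": "MD5:" + ":".join(f"{b:02x}" for b in md5),
        "SHA1-hex": sha1.hex(),
        "SHA1-base64": "SHA1:" + _b64_nopad(sha1),
        "SHA256-hex": sha256.hex(),
        "SHA256-base64": "SHA256:" + _b64_nopad(sha256),
    }


def fingerprint_matches(blob, claimed):
    """True if 'claimed' equals any fingerprint of 'blob', whatever notation
    it is written in (optional MD5:/SHA1:/SHA256: prefix, optional colons,
    optional base64 padding). Hex is compared case-insensitively, base64 is
    case-sensitive."""
    text = claimed.strip()
    head, sep, tail = text.partition(":")
    if sep and head.upper() in ("MD5", "SHA1", "SHA256"):
        text = tail
    text = text.replace(":", "").rstrip("=")
    fp = fingerprints(blob)
    hex_values = {fp["MD5-hex"], fp["SHA1-hex"], fp["SHA256-hex"]}
    b64_values = {v.partition(":")[2] for k, v in fp.items() if k.endswith("base64")}
    return text.lower() in hex_values or text in b64_values


if __name__ == "__main__":
    keytype, blob = key_blob(PUBKEY_LINE)
    print(keytype, "type field consistent:", check_key_type(PUBKEY_LINE))
    for i, part in enumerate(parse_ssh_strings(blob)):
        print(f"  field {i}: {len(part)} bytes: {part[:24]!r}")
    for name, value in fingerprints(blob).items():
        print(f"{name:14s} {value}")
```

Run it as a script to see the three blob fields and the six fingerprint notations for the key from the post; the SHA-256 base64 value (the one current OpenSSH clients show on first connection) is the form worth comparing out of band, and the matcher lets you do that comparison even when the other party quotes the colon-separated MD5 form that older documentation still uses.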
One Key – Four (!) Fingerprints
To sum it up, my single ECDSA public key has the following four different-looking fingerprints that are all correct (MD5-hex, SHA-1-hex, SHA-256-hex, SHA-256-base64):
```
4b6d3718f82d48b330bcd07eb91a28b3
9f6aa8a7ea195c55b3798ee53f0d41fba609a4ec
639d46ad2dcaf2bdfcbdd96807c315f203bb624f0f5621404d8e71610cdcea85
Y51GrS3K8r38vdloB8MV8gO7Yk8PViFATY5xYQzc6oU=
```
Using the other two public keys (RSA, Ed25519) as well would give me 12 fingerprints. ;) Note that I am not talking about DSA/ssh-dss anymore since it has security flaws and is disabled by default since OpenSSH 7.0. Also note that I omitted the MD5-base64 and SHA-1-base64 variants since they are not common at all.
Featured image “1+1=3 248/365” by Dennis Skley is licensed under CC BY-ND 2.0.