Connection may not be safe
When we connect to a new remote server host by SSH, we get a message like the one below:
The authenticity of host 'www.xxx.com (111.222.79.80)' can't be established.
RSA key fingerprint is SHA256:YeeQv5k0nGXjV1Fz3Xaw/KtXFYqCVzn3danbSkBbfqU.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Most people will enter 'yes' without verifying the key fingerprint.
This may be dangerous. We don't know whether the response message is from our remote host or from a hacker.
Verifying key fingerprint
Check RSA fingerprint
Execute the following command on your remote server host.
ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
Outputs:
2048 SHA256:YeeQv5k0nGXjV1Fz3Xaw/KtXFYqCVzn3danbSkBbfqU
The YeeQv5k0nGXjV1Fz3Xaw/KtXFYqCVzn3danbSkBbfqU is the RSA key fingerprint of this server.
It must be consistent with the RSA key fingerprint that the SSH client outputs when connecting to a new server.
Check ECDSA fingerprint
Execute the following command on your remote server host.
ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub
Outputs:
256 SHA256:YzMKWRLXsfCWCTHmAATMRCCv4Fjk2PgopuVcC8eMh50
The YzMKWRLXsfCWCTHmAATMRCCv4Fjk2PgopuVcC8eMh50 is the ECDSA key fingerprint of this server.
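How the SHA256 value printed by ssh-keygen -lf is derived from a .pub line, and how to compare it with the fingerprint in the client's prompt, as an added example that is not part of the original post. The sample key is constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re
import struct

# Matches the line the SSH client prints: "RSA key fingerprint is SHA256:<43 chars>."
PROMPT_RE = re.compile(r"(\w+) key fingerprint is (SHA256:[A-Za-z0-9+/]{43})")

def fingerprint_from_pubkey_line(line):
    """SHA256 fingerprint of one '<type> <base64 blob> [comment]' line of a .pub file."""
    key_type, blob_b64 = line.split()[:2]
    blob = base64.b64decode(blob_b64, validate=True)
    # The blob begins with a 4-byte big-endian length followed by the key type name.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type field does not match the key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the digest as base64 with the '=' padding removed.
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def prompt_matches_server(prompt_text, pubkey_line):
    """True only if the prompt's key type and fingerprint both match the server key."""
    m = PROMPT_RE.search(prompt_text)
    if m is None:
        raise ValueError("no SHA256 fingerprint found in prompt text")
    shown_type, shown_fp = m.groups()
    # Assumption: the prompt's type name (RSA, ECDSA, ED25519) appears inside the
    # key type name (ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519).
    if shown_type.lower() not in pubkey_line.split()[0].lower():
        return False
    return hmac.compare_digest(shown_fp, fingerprint_from_pubkey_line(pubkey_line))

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample key (not a real host key): type name plus 32 filler bytes.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_PUB_LINE = "ssh-ed25519 %s constructed@example" % base64.b64encode(SAMPLE_BLOB).decode("ascii")

if __name__ == "__main__":
    fp = fingerprint_from_pubkey_line(SAMPLE_PUB_LINE)
    good = "ED25519 key fingerprint is %s." % fp
    # The RSA fingerprint quoted in the post; it belongs to a different key.
    bad = "RSA key fingerprint is SHA256:YeeQv5k0nGXjV1Fz3Xaw/KtXFYqCVzn3danbSkBbfqU."
    print(fp)
    print("good prompt matches:", prompt_matches_server(good, SAMPLE_PUB_LINE))
    print("bad prompt matches:", prompt_matches_server(bad, SAMPLE_PUB_LINE))
```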