What is a hostkey in ssh?
-
HostKey(s) in ssh as seen in /etc/ssh directory authenticates hosts when logging into remote hosts. The HostKey is a cryptographic key that has a private and public key-pair. The public hostkey is published to other hosts.
If there is suspicious activity, you will see the man-in-the-middle attack message, however this may also be due to cloning virtual machines and regenerating hostkeys.
The openssh-server creates the hostkeys on startup or first boot.
The first attempt to ssh to another host, you will see the following
$ ssh trainer@training56 The authenticity of host 'training56 (25.149.129.7)' can't be established. ECDSA key fingerprint is SHA256:1a1L4/Xwi/oB7G8raKAiBU3sdffaazzdcqbZzf3Ub9EZTW8. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'training,25.149.129.7' (ECDSA) to the list of known hosts. Last login: Sun Jul 08 23:27:32 2017 from 102.28.235.89
On subsequent ssh connection you will only see the login information and not the ssh information.
The directory know_hosts stores the public host keys from other host connections, usually found in the users home directory: /home/<user>/.ssh/known_hosts
© Lightnetics 2024