SSH - Host Key (or Ssh Public Key)

> SSH (Secure Shell) - Remote Access

1 - About

host keys are just ordinary SSH key pairs. Each host can have one host key for each algorithm.

You should get an SSH host key fingerprint along with your credentials from a server administrator in order to prevent man-in-the-middle attacks.


3 - Management

3.1 - Create

The host keys are usually automatically generated when an SSH server is installed but you can recreate them on the server with keygen

ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
2048 0d:f4:2e:7b:be:e1:4c:0b:06:52:2b:4d:a4:51:1f:74 /etc/ssh/ (RSA)
  • Others
ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key

3.2 - Location

3.2.1 - Client

3.2.2 - Server

On the server: Host keys are stored in the /etc/ssh/ directory. - Key Pair

The host keys are almost always stored in the following files:

Advertising - Public
ls /etc/ssh/*.pub
cat /etc/ssh/
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDwnFlKBk9t/pfd7vQGBrk+JNghDFJRa7G0rLrIoXUTtxconS7qZsZyTfEeh+l2cowWpKxpf03KyxouT7B3IdNjwXWHNKloQcE/8FYLhlcVw+Aicji5oUMdTfTberzCluYIyz4PUwE8rmgNejQbVLhl+lOfoacPMUJ4P6ahQ71WFTmFTEZ+CFnAmHeqtG7scl53DkICnXPkZ+57ymh1WM9h0kYFxVcZBXg7BOZpI/wrXkuWRXU6wpYHS481q/pjJTiLXZGIQhcXg1/inOCMgC1B9W92Rq/aviknWSS98/xQi2JbduG7Jw9Dn523Rs3nutUAQ6CMK7owjVtnvb54Bs1B [email protected]

3.3 - Format

3.3.1 - Fingerprint

The fingerpint of a public key consists of the MD5 of the public key. This is the same data that is base64 encoded to form the body of the public key file.

See The Secure Shell (SSH) Public Key File Format

4 - Documentation / Reference