Verifying an IOS device's SSH fingerprint

kurtpatzer · ‎11-22-2003

When an SSH client connects to a server for the first time, it displays the fingerprint of the system's SSH public key. You, the user, are supposed to verify the fingerprint before you accept the connection (to protect against a spoofing attack on first connection). Once you accept the ssh client remembers the key & will allow connections to that server in the future & won't bother for a confirmation in the future unless the key changes.

Now - it's pretty easy to set up SSH services on an IOS device, but I have no idea how determine it's finger print. I can get the router to display it's public key, but not the fingerprint. And the SHA/MD5 hash tools that I have don't seem to work to digest the public key value into what is presented by the SSH client.

Does anyone know how to either: A) Display the SSH key fingerprint on the router itself or B) Know of a Windows based tool that can take the public key that the router will display and compute the fingerprint?

Thanks,

KEP

lwierenga · ‎11-23-2003

Hopefully, this will help:

PIX:

show ssh [sessions [ip_address]]

Router:

show ssh fingerprint

kurtpatzer · ‎11-24-2003

Hello,

The show ssh fingerprint command is not available on my systems (generally 12.2(15)T). Looking at the 12.3 command reference, I don't find it there either.

Show ssh on both the router and the PIX show the status of connections to your router, which is not what I am hoping to find. I need to know the fingerprint that I should expect to see when I connect to the router for the first time from a Windows SSH client (either teraterm or putty).

Thanks,

KEP