When an SSH client connects to a server for the first time, it displays the fingerprint of the system's SSH public key. You, the user, are supposed to verify the fingerprint before you accept the connection (to protect against a spoofing attack on first connection). Once you accept the ssh client remembers the key & will allow connections to that server in the future & won't bother for a confirmation in the future unless the key changes.
Now - it's pretty easy to set up SSH services on an IOS device, but I have no idea how determine it's finger print. I can get the router to display it's public key, but not the fingerprint. And the SHA/MD5 hash tools that I have don't seem to work to digest the public key value into what is presented by the SSH client.
Does anyone know how to either: A) Display the SSH key fingerprint on the router itself or B) Know of a Windows based tool that can take the public key that the router will display and compute the fingerprint?
The show ssh fingerprint command is not available on my systems (generally 12.2(15)T). Looking at the 12.3 command reference, I don't find it there either.
Show ssh on both the router and the PIX show the status of connections to your router, which is not what I am hoping to find. I need to know the fingerprint that I should expect to see when I connect to the router for the first time from a Windows SSH client (either teraterm or putty).
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...