如果我只有服务器的 IP 地址并且该服务器未在我的 ~/.ssh/known_hosts 文件中列出,如何从服务器获取 SSH 指纹?
我想查看一些主机 key 。这是我在 Ruby 中尝试过的:
net_ssh_session =
Net::SSH::Transport::Session.new(
target, :port => port, :timeout => timeout, :paranoid => Net::SSH::Verifiers::Null.new)
host_keys = net_ssh_session.host_keys
如果服务器未在我的 ~/.ssh/known_hosts 中列出,我无法获取任何主机 key 。
最佳答案
引用我文章的重要部分Where do I get SSH host key fingerprint to authorize the server?
You should get an SSH host key fingerprint along with your credentials from a server administrator. Knowing the host key fingerprint and thus being able to verify it is an integral part of securing an SSH connection. It prevents man-in-the-middle attacks.
In the real world, most administrators do not provide the host key fingerprint.
Instead you can ask anyone else who has a physical access to the server or who already knows the host key. The host key is only one and hence the same for all users. Also note that the host key fingerprint is generated from a public key part of the host key only. So it is not secret and can be safely sent over an unencrypted (yet trusted) communication channels.
If you do not have anyone else to obtain the fingerprint from, you may need to connect to the server without knowing the fingerprint. Before connecting for the first time, ensure a security of your local machine and a line to the server. For example if you plan to connect to the server from an external site (e.g. from home or a client), but you have a physical access to the server site, connect from the server site the first time (e.g. your workplace).
关于ssh - 从服务器获取指纹,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40189430/