11.3.2 Checking the host public key
Each SSH server has a different host key pair so that SSH client can see SSH server. On SSH client side, when connecting to SSH server for the first time or when the host public key is changed, a message is displayed to confirm the fingerprint of that server. In this case, it is possible to connect more safely by obtaining the fingerprint (or host public key) of the connection destination server in advance and visually checking it at the time of connection.
You can use show ssh hostkey commandto see SSHv1/SSHv2's host-public key and its fingerprint.
> show ssh hostkey Date 20XX/01/20 12:00:00 UTC ******* SSHv1 Hostkey ******* 1024 65537 146987971773759596612099632123526290876813242218856178693006902279752499641505633273 74294515778228277627736937005824220192838922145093952246943786354524785835232009819519418410439 05657066855796690911797058967562169284131198788610748307323233604943076115695684771646338245359 75566336906750637684297547763208749 1024-bit rsa1 hostkey Fingerprint for key: SHA256:gblxC3SCNJsZfjaV5BC6rcckTR+B/hYYTEcBEQO00m8 MD5:c9:d5:c0:4f:1b:2e:ff:b7:2e:9d:c3:66:ed:93:d3:4e ******* SSHv2 DSA Hostkey ******* ssh-dss AAAAB3NzaC1kc3MAAACBAJenC0V9Xr8ahylD8fqpiAIYGwpjoRqDosb9udd/bDkxicU5YAhwsKktXvh5lPI+GDL 0JVB5hHOVmVCH45PAcoAx+xrEvL2wjoghhLVzDbTfyCCtehxvfcsVxoJSBhGggtWTmllytogGvE3us2vCgEybau8qIpUy+B iA7ONunIDpAAAAFQDz1v9c2U8Eh5xNCApzCFL2ez48gwAAAIAOeAgtPewuIHY1Q3z00SawBa2xWrLxly4WcFrzfAja9GIRp /+s3iJLu/6UZ5nyMyjSF10KAZUzFSG+HteGE/pLB1c+r4B2okzZVH1R7tnst/LAoDg3fQObTF74+j7cGMIwgE0i1E8hciHq 9NmQ9RBe2uBxsej8crzXDTpljfP/gQAAAIB3IWnKpTSvI4Rs49ItzGY+SS5DfkSy+BKB1VFB1xoUr/DYFpT4Q4kA3RTuPFx pjElEIIUP5/+WET/iJSBizyfpwM/lairBhWtSNyOcjeWLD9eYVhw1HqexjQLl8BvTFQtICWWvsviYgNGUGfwTH0RZ6B5HKK O5IVs6bh2VVHoq2A== 1024-bit dsa hostkey Fingerprint for key: SHA256:EH9axeEZO+hj5qzBRqx4fgyncb/J5BN4DffD/my9tN8 MD5:21:b9:aa:78:66:df:02:67:01:48:86:88:cb:31:c4:da ******* SSHv2 RSA Hostkey ******* ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQ0re6puJtq2gqvyZwzWVqlJgxPuXo7EphTgysp4av+LaGYdiU2jYoQ66 Eo4759z4fZQ/yHtXJicaDMvIz3iNbBQTr01x4F/5m1oR5UJS7XHfhqc5pGNLKglEaIZo8dJkKOo72xI1HERY11ICobKshhW HpGP95WmrRIdxBGUDZKBIk8iW0CeS5duMksrL9O0LMLf1+NXkELmJBT/npMkHiZHBPJcKn1kPRiq5X8igO3THLKeYcPUzOP OkUAUrIDT42s8oJG2FkwO6CIewQcGK9zkCcqKPyFyZahDI8OvwZ05o7VOQb3/sLNiFZfQlRqoGxpiGvNZae76Hb6kS3+cOJ +Yyu/Tbz5kKK0Bz70dxb+4DqClV7yYfquiTdues6hOO8+KAUttNf/w3PNSyjFUFyRxcEDENvxDDq11/gA78VXWitre1ZMin 9ybsSEZGzIS7OzDd0I5/AosKcYNWGkLRrBdGFcB5mJ/9haTALMOWsyxbF3RjXMvcCWVUpxbGKuqs= 3072-bit rsa host key Fingerprint for key: SHA256:lnaICZdvjFnmZoRCum+XblmhEmcilZhq15w4W8R3vOg MD5:81:48:0e:52:a6:7f:64:d8:29:57:e8:fb:4b:34:bb:a0 ******* SSHv2 ECDSA Hostkey ******* ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNLBG8RhJwOBU8Z/e+c1wz6 qwZP+IHXM6iUINja2EMOi947VPI8/CA7ZK2INnUW7lXaqkeu6LihUN68wwz8Gisgx9sAPthB3VkNqBEsvKjxk2aSC1/neyg mD5H/5Wo9Q6A== 384-bit ecdsa hostkey Fingerprint for key: SHA256:rnuan5fOrHpNP8IVbZgKNt+t+x/EVTxWKF3tF2CMRA0 MD5:69:5f:70:c3:a0:09:91:e8:70:12:fe:c5:52:21:fe:19 > |