Score:1

I used ssh-keyscan in a production environment. Is it possible to revert back?

I used ssh-keyscan in a production environment, and afterwards got to know that it may allow MITM. I checked the known_hosts file, and the fingerprint is not there. Where can I check, or is there any option?

Score:2
Bob

The known_hosts file does not contain fingerprints, only the full (public) keys that you added.

To display the fingerprints, use ssh-keygen -l -f ~/.ssh/known_hosts and, if you like, add the -v switch to also show a visual ASCII art representation of the key, supplied with the fingerprint.

ssh-keygen -l -f ~/.ssh/known_hosts

2048 SHA256:2ggdJPUVnjTHdG36iGw7Du8knzvPSLgF6fTBUhzn3d5 service.example.com,192.168.2.87 (RSA)
256  SHA256:6QZWKiXoFC8qRg3ZhClY4RcUPX8F2ROOREmysPT5JW9 example.com (ECDSA)

The actual known_hosts file will look something like this:

service.example.com,192.168.2.87 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA...8sw==
example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNo..C0N9T3Y4poTAXTuMyXZEPRywi28=

Each line in the known_hosts file contains the following fields: markers (optional), hostnames, keytype, base64-encoded key, comment. The fields are separated by spaces.

When HashKnownHosts is set, the hostnames may be stored in a hashed form. Hashed hostnames start with a | character.
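
The field layout and hashed-hostname form described above, as an added example that is not part of the original answer: it parses known_hosts lines, recomputes the SHA256 fingerprint that ssh-keygen -l prints, and tests a candidate name against a hashed entry. The function names and the sample key are constructed for illustration.

```python
import base64, hashlib, hmac

MARKERS = ("@cert-authority", "@revoked")

def parse_line(line):
    """Split one known_hosts line into its fields; None for blanks/comments."""
    parts = line.split()
    if not parts or parts[0].startswith("#"):
        return None
    marker = parts.pop(0) if parts[0] in MARKERS else None
    if len(parts) < 3:
        raise ValueError("expected hostnames, keytype and key")
    hosts, keytype, b64key = parts[:3]
    blob = base64.b64decode(b64key, validate=True)
    # The decoded key blob starts with a length-prefixed copy of the key type.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != keytype.encode():
        raise ValueError("keytype field does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return {
        "marker": marker,
        "hosts": hosts.split(","),
        "hashed": hosts.startswith("|"),
        "keytype": keytype,
        # Same form ssh-keygen -l prints: unpadded base64 of SHA-256(blob).
        "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
        "comment": " ".join(parts[3:]),
    }

def host_matches(entry_host, candidate):
    """Exact-name check against a plain or hashed (|1|salt|hmac) host field."""
    if not entry_host.startswith("|1|"):
        return entry_host == candidate  # wildcard patterns are not handled
    _, _, salt, mac = entry_host.split("|")
    want = hmac.new(base64.b64decode(salt), candidate.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(want, base64.b64decode(mac))

# Constructed sample data: a made-up ed25519-shaped blob, not a real host key.
_blob = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes(range(32))
SAMPLE_KEY = base64.b64encode(_blob).decode()
_salt = bytes(range(20))
_mac = hmac.new(_salt, b"db.example.com", hashlib.sha1).digest()
SAMPLE = [
    f"service.example.com,192.168.2.87 ssh-ed25519 {SAMPLE_KEY} added-by-keyscan",
    f"|1|{base64.b64encode(_salt).decode()}|{base64.b64encode(_mac).decode()} ssh-ed25519 {SAMPLE_KEY}",
]

if __name__ == "__main__":
    for entry in map(parse_line, SAMPLE):
        print(entry["fingerprint"], entry["hosts"], entry["keytype"])
```

The fingerprint computed this way is the value to compare against one obtained from the server over a trusted channel.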

Ajith
Do I need to delete the fingerprint, or can I leave it like that? How do I remove the user from that server?