The server's host key is unknown - Gregg Hosting

The affects of Web Hosts on Your Business Website

Here're ways your choice of web hosting service provider impacts the performance of your business:


check

Website loading speed

check

Uptime and availability

check

Customer support

check

Security

check

Server location

The server’s host key is unknown

The server’s host key is unknown

Overview

This post will show you how to make sure you’re connected to a GreggHost server and that it’s secure. DO NOT CONNECT TO THE SERVER if the fingerprint values do not match what appears in your GreggHost panel after following the steps in this article. Please contact GreggHost support so that they can look into why the fingerprints aren’t matching.

SSH keys are assigned to each GreggHost server individually. These keys are needed to identify the server and ensure a secure and reliable connection. When you initially connect to your server with an SSH application or terminal, it checks the keys. You will notice the following warning since they are not presently stored on your computer:

The host key for the server is unknown. You have no way of knowing whether or not the server is the computer you believe it is.

This article will show you how to double-check that the key you’re looking at is right. After that, you can safely log into the server.

Verifying the fingerprint using an FTP client

The examples that follow must be run in an SSH terminal. For more information, see the following articles:

Overview of SSH
Clients for SSH
You may notice the following warning when you first connect into a GreggHost server:

The host key for the server is unknown. You have no way of knowing whether or not the server is the computer you believe it is.

Consider the following scenario:

Go to the SSH Keys page to make sure this is the right server. On that screen, you’ll see your server, as well as the Fingerprints that correspond to it.

Consider the following scenario:

To make sure it’s the same server, compare the two. Accept the warning and log in properly after that.

Using SSH to verify the server’s fingerprint

A few commands in SSH can be used to validate the server’s fingerprint. Please keep in mind that some commands are only compatible with specific versions of OpenSSH. Run the following command to check your current version:

$ ssh -V [server]
This returns the version number as a response. If the version is lower than 6.8, a few commands will not work.

The fingerprints from the shared server batroc will be used in the following examples:

 

Version 7.6p1 of OpenSSH was used.
FingerprintHash is a typical command to run.

[server] Check the RSA (MD5) fingerprint

$ ssh batroc.dreamhost.com -o HostKeyAlgorithms=ssh-rsa -o FingerprintHash=md5
It is unable to verify the legitimacy of host ‘batroc.dreamhost.com (67.205.12.21)’.
MD5:a1:85:cc:7b:06:c9:14:f3:a8:38:7a:95:76:f1:17:eb is the RSA key fingerprint.
[server] Check the RSA (SHA256) fingerprint
ssh -o HostKeyAlgorithms=ssh-rsa -o FingerprintHash=sha256 $ ssh -o HostKeyAlgorithms=ssh-rsa -o FingerprintHash=sha256 batroc.dreamhost.com
It is unable to verify the legitimacy of host ‘batroc.dreamhost.com (67.205.12.21)’.
The RSA key fingerprint is mYNdKXseiTyZVeIdXNqy8rJTfrKnBo2QG1XK9DdUSYc:mYNdKXseiTyZVeIdXNqy8rJTfrKnBo2QG1XK9DdUSYc:mYNdKXseiTyZVeIdXN
[server] Check the ECDSA (MD5) fingerprint
$ ssh batroc.dreamhost.com -o HostKeyAlgorithms=ecdsa-sha2-nistp256 -o FingerprintHash=md5
It is unable to verify the legitimacy of host ‘batroc.dreamhost.com (67.205.12.21)’.
MD5:08:88:80:ff:e8:dd:4a:4f:6b:3a:64:cf:8c:84:f2:13 is the ECDSA key fingerprint.
[server] Check the ECDSA (SHA256) fingerprint
$ ssh batroc.dreamhost.com -o HostKeyAlgorithms=ecdsa-sha2-nistp256 -o FingerprintHash=sha256
It is unable to verify the legitimacy of host ‘batroc.dreamhost.com (67.205.12.21)’.
SHA256:ijqWGQW20bkvOViujUO5PRknle09aDPUjh25u60T7eQ is the ECDSA key fingerprint.
[server] Check the ED25519 (MD5) fingerprint
$ ssh batroc.dreamhost.com -o HostKeyAlgorithms=ssh-ed25519 -o FingerprintHash=md5
It is unable to verify the legitimacy of host ‘batroc.dreamhost.com (67.205.12.21)’.
MD5:c9:aa:b8:02:0c:ca:46:59:63:17:16:0a:7c:26:c6:24 is the ED25519 key fingerprint.
[server] Check the ED25519 (SH256) fingerprint
$ ssh batroc.dreamhost.com -o HostKeyAlgorithms=ssh-ed25519 -o FingerprintHash=sha256
It is unable to verify the legitimacy of host ‘batroc.dreamhost.com (67.205.12.21)’.
SHA256:q3JfuvuldJy5u/ETWHW7HBQ3Zqn763z/CWlumFuOH3s is the ED25519 key fingerprint.

Using OpenSSH lower than 6.8

As previously stated, the ‘FingerprintHash’ command is not compatible with OpenSSH versions prior to 6.8. You can, however, use ssh-keyscan to get the public key and then examine its fingerprints.

To begin, obtain the public key from the server.