Talk:Security

From DreamHost

DreamHost SSH key fingerprints

The main article suggests the following:

One way to determine the SSH fingerprint for your web server is to use the DreamHost web panel to set up a cronjob that will email you the fingerprint or save it to a file accessible from your server. Here's the command to run in the cronjob: ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

I tried this, but the email I received simply said, "/etc/ssh/ssh_host_rsa_key.pub: No such file or directory"

Even if I were to research the correct location of the RSA key on the server (without logging in using SSH, since the reason I want to learn the server's RSA key fingerprint is to ensure I don't face a MITM attack via SSH), and to edit the cron job accordingly, there must be a better way for users to be able to get the RSA key fingerprints of their servers. I've filed a support request, and have also filed a suggestion that DreamHost makes users' servers' RSA key fingerprints visible in the DreamHost Panel.

Discussion welcomed. Sampablokuper 00:08, 23 April 2011 (PDT)

I've also tried editing the cronjob to run ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key, but this just produces, "/etc/ssh/ssh_host_rsa_key is not a public key file." Sampablokuper 00:40, 23 April 2011 (PDT)
Changing the cronjob to ls /etc/ssh/ in the hope of finding out which public key files are available on the server that might let me find out the fingerprints simply yielded, "moduli ssh_config ssh_host_dsa_key ssh_host_rsa_key ssh_known_hosts sshd_config". In other words, no public keys at all. Weird. Sampablokuper 01:03, 23 April 2011 (PDT)
I've just received a reply to my support request. The DreamHost staffer confirmed that DreamHost currently has no way for users to verify servers' key fingerprints except by filing support requests. Sampablokuper 14:16, 23 April 2011 (PDT)
My suggestion that DreamHost makes this all much easier has been screened and accepted for voting. Please go here to add your vote! Sampablokuper 05:51, 1 May 2011 (PDT)
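
Added example, not part of the discussion above and not DreamHost's code: assuming a public key line for the server has been obtained through a channel you trust, this computes the fingerprint that ssh-keygen -l would report for it (the older MD5 colon-hex form and the current SHA256 form) so it can be compared with what the SSH client shows on first connection. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    # Length-prefixed field of the SSH wire format (RFC 4251 "string").
    return struct.pack(">I", len(data)) + data


def fingerprints(pubkey_line: str) -> dict:
    """Fingerprint one '<type> <base64> [comment]' public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with its own copy of the key type; a mismatch means
    # the line is damaged or is not a public key at all.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),  # older format
        "sha256": "SHA256:" + sha,                               # current format
    }


def matches(pubkey_line: str, shown: str) -> bool:
    """True if `shown` (as displayed by the SSH client) is this key's fingerprint."""
    shown = shown.strip()
    if shown.upper().startswith("MD5:"):
        shown = shown[4:]
    fp = fingerprints(pubkey_line)
    return shown == fp["sha256"] or shown.lower() == fp["md5"]


def constructed_rsa_line() -> str:
    # Constructed sample, NOT a real host key: valid ssh-rsa layout, filler modulus.
    blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(b"\x00" + b"\xc3" * 256))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-example"


if __name__ == "__main__":
    print(fingerprints(constructed_rsa_line()))
```

The check on the embedded key type is why a private key file or a truncated line is rejected instead of being hashed into a meaningless fingerprint.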