MobileRead Forums - View Single Post - Clarification of usbnet Openssh fingerprint/keys

sunnydev · 07-11-2012, 11:04 AM

Thanks for the responses. To clarify, building on hawhill's post:

in my configuration the "user "authentication is OK, i.e. public key is in ../usbnet/etc/authrorized_keys and the private key is on the clients side.

This query is about the server (Kindle) public key:
1. If I needed to generate this key, .e.g. keygen?
2. where for the usbnet configuration its stored?
3. if I regenerate another server key (like the user public key) and locate it in the correct place, will this give me a new fingerprint I can use.
I was concerned that I may need to generate a new server key and also unsure where this key is stored.

My understanding so far:
1. Answer: No.
Reason: The fingerprint that the ssh clients show is a hash of the server public key . Once the client has accepted the fingerprint (i.e. user has confirmed it's the correct host), the fingerprint can will be stored locally and verified next time a connection is initiated i.e. to check it's the same host.

This "server" key is generated automatically (practically unique) by the install of Openssh (i.e. usbnet) and therefore in terms of security there are no concerns in terms of another needing another to be generated? i.e. the fingerprint showing for my Kindle now is sufficient.

2. I understand normally for Openssh this key is located in something like /etc/ssh/ssh_host_rsa_key.pub.

Is the server public key for usbnet that is used in the hash to create the fingerprint located in /mnt/base-us/usbnet/etc/ssh_host_rsa_key?

3. Is the answer?: Yes a new public key could be generated to give a new fingerprint but as its a new install and no compromises then there is little benefit.

Thanks for any further clarifications

07-11-2012, 11:04 AM	#6
sunnydev Member Posts: 15 Karma: 70 Join Date: Jul 2012 Location: Germany Device: Kindle	Thanks for the responses. To clarify, building on hawhill's post: in my configuration the "user "authentication is OK, i.e. public key is in ../usbnet/etc/authrorized_keys and the private key is on the clients side. This query is about the server (Kindle) public key: 1. If I needed to generate this key, .e.g. keygen? 2. where for the usbnet configuration its stored? 3. if I regenerate another server key (like the user public key) and locate it in the correct place, will this give me a new fingerprint I can use. I was concerned that I may need to generate a new server key and also unsure where this key is stored. My understanding so far: 1. Answer: No. Reason: The fingerprint that the ssh clients show is a hash of the server public key . Once the client has accepted the fingerprint (i.e. user has confirmed it's the correct host), the fingerprint can will be stored locally and verified next time a connection is initiated i.e. to check it's the same host. This "server" key is generated automatically (practically unique) by the install of Openssh (i.e. usbnet) and therefore in terms of security there are no concerns in terms of another needing another to be generated? i.e. the fingerprint showing for my Kindle now is sufficient. 2. I understand normally for Openssh this key is located in something like /etc/ssh/ssh_host_rsa_key.pub. Is the server public key for usbnet that is used in the hash to create the fingerprint located in /mnt/base-us/usbnet/etc/ssh_host_rsa_key? 3. Is the answer?: Yes a new public key could be generated to give a new fingerprint but as its a new install and no compromises then there is little benefit. Thanks for any further clarifications