When I connect via ssh from a FreeBSD host to a recently created CentOS-6.10 host I get this message in the client:
The fingerprint for the RSA key sent by the remote host is
SHA256:EKfevqVDSBpuq1TBFf/vRtEqVsP4gUjGoc5OGVtnntg
I have never seen a hash value in anything other than hexadecimal, which this certainly is not. Can anyone explain what is causing this? Are these hashs themselves encrypted?
Answer:
Not encrypted but they are displayed encoded as Base64.
To get the SSHFP value required for DNS one must transfer the CentOS-6.10 host public key file to a system who's ssh-keygen utility creates SHA256 finger prints:
The fingerprint for the RSA key sent by the remote host is
SHA256:EKfevqVDSBpuq1TBFf/vRtEqVsP4gUjGoc5OGVtnntg
Code:
The fingerprint for the RSA key sent by the remote host is
SHA256:EKfevqVDSBpuq1TBFf/vRtEqVsP4gUjGoc5OGVtnntg.
Please contact your system administrator.
Update the SSHFP RR in DNS with the new host key to get rid of this message.I have never seen a hash value in anything other than hexadecimal, which this certainly is not. Can anyone explain what is causing this? Are these hashs themselves encrypted?
Answer:
Not encrypted but they are displayed encoded as Base64.
To get the SSHFP value required for DNS one must transfer the CentOS-6.10 host public key file to a system who's ssh-keygen utility creates SHA256 finger prints:
Code:
ssh-keygen -r vhost01.hamilton.harte-lyne.ca. -f ./vhost01/ssh_host_rsa_key.pub
vhost01.hamilton.harte-lyne.ca. IN SSHFP 1 1 650828cdac9a7508c35c382b39fb65924ead2d52
vhost01.hamilton.harte-lyne.ca. IN SSHFP 1 2 10a7debea543481a6eab54c115ffef46d12a56c3f88148c6a1ce4e195b679ed8