Formula
Group
Network
Keywords
SSHCybersecurityPort ScanningKeys
Last edited time
Apr 29, 2024 2:18 PM
Slug
Status
Draft
Title
Code inside page
Github
👉 Overview
👀 What ?
SSH-keyscan is a utility for collecting public SSH host keys from a number of hosts. It is useful in scenarios where a user wants to compare if two SSH ports are from the same host by comparing the keys.
🧐 Why ?
Understanding how to use SSH-keyscan is important as it provides a method for detecting possible Man-in-the-Middle attacks by comparing SSH keys. If two SSH ports have different keys, it may indicate that one of the hosts is an imposter, trying to intercept the communication. Thus, our readers, especially those concerned with network security, would find this topic highly relevant.
⛏️ How ?
To use SSH-keyscan to compare keys from two different SSH ports, follow these steps:\n1. Run the command 'ssh-keyscan host' for each host. This will print the public keys for each host.\n2. Compare the keys. If they match, it is likely that the ports are from the same host. If they don't, further investigation is needed.
⏳ When ?
SSH-keyscan has been a part of the OpenSSH package since its inception, and its use has become a standard practice in network security over the years.
⚙️ Technical Explanations
SSH-keyscan sends a series of protocol requests to the specified hosts and then prints the public keys for each host. The keys are printed in the order they are received. This can be used to determine if a host has multiple keys. If the scanned hosts have more than one key, the tool will print all the keys, which can then be compared to see if the hosts are the same. This comparison is made based on the principle that the SSH protocol uses public-key cryptography for authentication. Thus, each host should have a unique key pair. If two hosts have the same key, it is likely that they are the same host, or that one host has copied the key of the other.