SSH Tectia ConnectSecure includes a tool to resolve which hashed host key belongs to which server. Because several server host keys can be stored on the client-side host, and the file name does not show the server name, it is sometimes necessary to check whether a certain server's public key is stored on the client host.
The command syntax is:
ssh-keygen-g3 -F <servername>@<port>
ssh-keygen-g3 -F server1@222
The tool shows the location and the fingerprint of the requested server's public key or keys (the fingerprint in the SSH babble format). For example:
Fingerprints for key 'server1#222':
(from location /etc/ssh/ssh_known_hosts:1 ("server1 ssh-dss AAAAB3...") (publickey-knownhosts))
xical-dohoz-fafur-ciper-vucam-munod-rykic-nabiv-nigag-fatif-pixex
(from location /home/user44/.ssh/known_hosts:2 ("|1|84+eB1qwbSSvSe0GY...") (publickey-knownhosts))
xuvob-vodyt-dilib-koryc-cadek-ryfuv-mufut-bupyb-resuz-fadyz-taxox
The port definition is optional in the command. If no port is given, the default Secure Shell port 22 is assumed. For example:
ssh-keygen-g3 -F server2
Fingerprint for key 'server2':
(from location /home/user44/.ssh2/hostkeys/keys_bf53882dc47bb767edf161a4f636917f8358d635 (publickey-file))
xuvin-zitil-ducid-gevil-vysok-buviz-nynun-pinat-tylev-gusez-dyxix
If no keys are found for the given server, the ssh-keygen-g3 -F command will report where it looked for the keys, and will conclude as follows:
No keys found from any key directories or known_hosts files.
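The `|1|84+eB1qwbSSvSe0GY...` entry in the sample output above is in the OpenSSH hashed known_hosts format, where the host field is `|1|salt|HMAC-SHA1(salt, name)`, so the server name cannot be read back and can only be tested against a candidate. The following is an added example (not Tectia code and not part of the original page) of that test; it assumes OpenSSH's `[host]:port` naming for non-default ports, which may differ from Tectia's own lookup, and all function names, salts and key blobs are constructed for illustration.

```python
import base64
import hashlib
import hmac


def host_token(host, port=22):
    """Name form OpenSSH stores: bare host on port 22, else [host]:port (assumption)."""
    return host if port == 22 else f"[{host}]:{port}"


def hash_host(token, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return f"|1|{base64.b64encode(salt).decode()}|{base64.b64encode(mac).decode()}"


def field_matches(field, token):
    """True if a host field (hashed, or comma-separated exact names) names token."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
            stored = base64.b64decode(mac_b64, validate=True)
        except ValueError:
            return False  # malformed or truncated hashed entry
        expected = hmac.new(salt, token.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(stored, expected)
    return token in field.split(",")  # wildcard patterns are not handled here


def find_host(lines, host, port=22):
    """Return (line_number, key_type) for every entry that names host:port."""
    token = host_token(host, port)
    hits = []
    for number, line in enumerate(lines, start=1):
        parts = line.split()
        if len(parts) < 3 or line.lstrip().startswith(("#", "@")):
            continue  # blank line, comment, or @cert-authority/@revoked marker
        if field_matches(parts[0], token):
            hits.append((number, parts[1]))
    return hits


# Constructed sample file: salts and key blobs are placeholders, not real keys.
SAMPLE = [
    "server1 ssh-dss AAAAB3PLACEHOLDER",
    hash_host("[server1]:222", b"constructed-salt-0001") + " ssh-rsa AAAAB3PLACEHOLDER",
    hash_host("server2", b"constructed-salt-0002") + " ssh-ed25519 AAAAC3PLACEHOLDER",
]
```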