Continuing with Proxies, SOCKS5 and SSH, Darren and Shannon cover SSH Public Key Fingerprints, then build a free Windows SSH Server and configure Key Pairs for a Linux client.




SSH Public Key Fingerprints and known_hosts

Typical SSH servers use 128-bit MD5 hashes as public key fingerprints. These fingerprints are short sequences of bytes used to authenticate a much longer public key, and they let a client verify the authenticity of a server. As we discussed last week regarding key pairs for user authentication, SSH servers have key pairs for server authentication.

On a Linux OpenSSH server, for example, these key pairs are found in /etc/ssh/*key*. The public keys are world readable, while the private keys can only be read by a superuser.

On a Linux client for example the key fingerprints of remembered servers are stored in ~/.ssh/known_hosts. Since SSH version 4 the username and hostnames associated with these servers are hashed.
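How a hashed known_hosts entry can still be matched against a hostname, as an added example that is not part of the original show notes. It relies on the format OpenSSH writes for hashed entries, `|1|salt|hash`, where the hash is HMAC-SHA1 of the hostname keyed with the salt; the sample file, hostnames and `PLACEHOLDERKEY` value are constructed, and wildcard or `[host]:port` patterns are not handled.

```python
import base64
import hashlib
import hmac

def hash_host(hostname, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, hostname):
    """True if the first field of a known_hosts line names `hostname` exactly."""
    if not field.startswith("|1|"):
        return hostname in field.split(",")   # plain entry: comma-separated names
    try:
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        mac = base64.b64decode(mac_b64, validate=True)
    except ValueError:                        # malformed field or bad base64
        return False
    expected = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, expected)

def find_lines(known_hosts_text, hostname):
    """1-based numbers of the lines whose host field matches `hostname`."""
    hits = []
    for number, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):         # @cert-authority / @revoked marker
            fields = fields[1:]
        if fields and host_matches(fields[0], hostname):
            hits.append(number)
    return hits

# Constructed sample file: fixed salt and placeholder key data, not real host keys.
SALT = bytes(range(20))
SAMPLE = "\n".join([
    "# constructed sample",
    "plain.example.com,192.0.2.10 ssh-rsa PLACEHOLDERKEY",
    hash_host("server.example.com", SALT) + " ssh-rsa PLACEHOLDERKEY",
])

if __name__ == "__main__":
    print(find_lines(SAMPLE, "server.example.com"))
```

The hash hides hostnames from someone who reads the file, but anyone holding a candidate hostname can test it this way, which is also how the client finds the right entry.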

To remotely verify the key fingerprint of an SSH server:

ssh-keyscan -t rsa,dsa REMOTEHOSTNAME > /tmp/
ssh-keygen -l -f /tmp/

Alternatively, on the remote server the key fingerprints can be found by:

cd /etc/ssh
ls *key*
cat ssh_host_key # this is the private key
# permission will be denied if not superuser
cat # this is the public key
ssh-keygen -lf
# field 1 = bit length of key
# field 2 = fingerprint of key
# field 3 = name of key
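
What the fingerprint field printed by ssh-keygen -l is computed from, as an added example that is not part of the original show notes: the hash is taken over the base64-decoded key blob of the public key line. The key line is constructed (not a real host key) and the function names are this example's own; current OpenSSH releases print the SHA256 form by default and the MD5 form with `-E md5`, so both are shown.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data):
    """SSH wire encoding of a string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def make_sample_pubkey_line():
    """Constructed ssh-ed25519 line (32 arbitrary bytes, not a real host key)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
    return "ssh-ed25519 %s constructed@example" % base64.b64encode(blob).decode()

def parse_pubkey(line):
    """Return (key_type, blob) from '<type> <base64> [comment]'. Rejects a line
    whose declared type differs from the type encoded inside the blob."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (length,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + length] != key_type.encode():
        raise ValueError("key type on the line does not match the key blob")
    return key_type, blob

def md5_fingerprint(blob):
    """128-bit MD5 of the blob as 16 colon-separated hex bytes."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(blob):
    """SHA256 form: unpadded base64 of the digest, prefixed 'SHA256:'."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def verify_host_key(line, pinned):
    """Compare a scanned key line with a fingerprint obtained out of band."""
    _, blob = parse_pubkey(line)
    if pinned.startswith("SHA256:"):
        actual = sha256_fingerprint(blob)
    else:
        actual = md5_fingerprint(blob)
        pinned = pinned.lower().replace("md5:", "", 1)  # accept an 'MD5:' prefix
    return hmac.compare_digest(actual.encode(), pinned.encode())

if __name__ == "__main__":
    key_line = make_sample_pubkey_line()
    print(md5_fingerprint(parse_pubkey(key_line)[1]))
```

A scan result is only worth trusting when the pinned value came from the server itself (for example, read on its console), not from a second scan over the same network path.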

Setting up a Windows SSH Server with Bitvise (+ A few other software recommendations)

Setting up the SSH Server on Windows Using Bitvise WinSSHD

  • Download Bitvise
  • Creating a server on laptop or PC at home...
  • Auto config router (UPnP) - BAD!! No Universal Plug-n-Play
  • Open Port to Any Computer
  • Uncheck 'Allow Any Logon', Click add.
  • Enter Username - Run 'whoami' from CMD to find out your username.
  • Want to add account for a friend? Do a virtual account.

SSH Servers for Windows

FreeSSHd -

  • Nice but lacks advanced security controls. The server starts sessions in the security context of the service itself; since it needs to run as Administrator or SYSTEM, those are the privileges available to its users.
  • Not open source so it can't be vetted, improved upon by the community
  • Hasn't been updated since 2009
  • Difficult to get working on Windows 7
  • Free and easy to set up

Bitvise WinSSHD -

  • Free for non-commercial / personal use
  • License costs $100, unlocks Active Directory feature for enterprises
  • Easy to install and update, nice GUI
  • Supports Active Directory, Kerberos or its own user database
  • Works fine in Windows 7
  • Supports AES 128 and 256 bit encryption
  • Not open source so it can't be vetted, improved upon by the community
  • Can be configured to use PowerShell instead of CMD as the default shell for users
  • Supports OpenSSH public key files
  • Configure account and group permissions per IP and DNS
  • Automation API, logging

OpenSSH for Windows -

  • Free, open source implementation of OpenSSH with Cygwin
  • Hasn't been updated since 2004
  • Enough said

Copssh -

  • Package of portable OpenSSH for Cygwin
  • GUI for administration

KpyM SSH Server -

  • Free, open source
  • Uses Windows identification (Windows user accounts)
  • Automated install and setup
  • Nag screen. Single license is $35

Setting up Key Pair Authentication in Linux with OpenSSH

On the remote host:

mkdir .ssh
chmod 700 .ssh
cd .ssh

On the local host:

ssh-keygen -t rsa
scp ~/.ssh/ user@host:.ssh/authorized_keys2

Back on the remote host:

ls -la authorized_keys2
chmod 600 authorized_keys2

On the local host:

ssh user@host
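
A check for the permissions set in the steps above, as an added example that is not part of the original show notes. With sshd's StrictModes setting (on by default), key login is refused when the directory or key file is writable by other users, so the audit flags that case first; the function names and the throwaway directory in `demo()` are this example's own.

```python
import os
import stat
import tempfile

# Modes used in the steps above: chmod 700 .ssh, chmod 600 authorized_keys2.
EXPECTED = {".": 0o700, "authorized_keys2": 0o600, "authorized_keys": 0o600}

def audit_ssh_dir(ssh_dir):
    """Return (path, problem) pairs for entries looser than the expected modes."""
    findings = []
    for name, want in EXPECTED.items():
        path = os.path.normpath(os.path.join(ssh_dir, name))
        try:
            st = os.lstat(path)               # lstat: do not follow symlinks
        except FileNotFoundError:
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "is a symlink"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "%04o: group/other writable" % mode))
        elif mode & ~want:
            findings.append((path, "%04o: looser than %04o" % (mode, want)))
    return findings

def demo():
    """Audit a constructed .ssh directory before and after the chmod steps."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        keys = os.path.join(ssh_dir, "authorized_keys2")
        open(keys, "w").close()
        os.chmod(ssh_dir, 0o755)              # typical mkdir result
        os.chmod(keys, 0o666)                 # deliberately too loose
        before = audit_ssh_dir(ssh_dir)
        os.chmod(ssh_dir, 0o700)
        os.chmod(keys, 0o600)
        after = audit_ssh_dir(ssh_dir)
        return before, after

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```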

Bonus: Transfer SSH public keys from one machine to another

Now that we've done it the long way, let's take a moment to appreciate a convenient shortcut -- ssh-copy-id.

ssh-keygen; ssh-copy-id user@host; ssh user@host




  • shinobi 3 years ago

    I was wondering if you were going to show how to set up an OpenSSH server in either Windows or Linux (Ubuntu).

  • privateee 3 years ago

    Could you make a tip of hacking websites ..!!

    Thanks …! 😀

  • i need tutorial about cpu overclocking…can u drive it?

  • I’ve been loving your shows about proxies. Really well done folks!

    But Darren’s comment about rm-ing his known_hosts got me thinking about how you could get round that. I put up a longer writeup on my site but the long and short of it is in Bash you can say

    (x=3; head -n$(($x-1)) known_hosts; tail -n$((`wc -l known_hosts | cut -d ' ' -f 1`-$x)) known_hosts) > t2 && cat t2 > known_hosts

    where x is the offending line number of the key (the warning tells you which line in the file to remove).

    My preferred way is less typing heavy and more perlish:

    perl -nle 'print if(++$i!=3)' known_hosts > t2 && mv t2 known_hosts

    would do it 😉

  • Alvaro 3 years ago

    An alternative method for copying your SSH public key to a remote server: ssh-copy-id -i ~/.ssh/ remote-host

  • need tutorial about cpu overclocking…can u drive it?
