What are the SSH host keys for sftp and scp connections?
SSH host keys let you confirm that you are connected directly to our server and that no man-in-the-middle (MITM) attack is taking place.
Our host key fingerprints for the Simple FTP Service are:
2048 SHA256:vgxrsQY4LuABBPrAIdBHQSF+UQgF5PuWzsqtLYSAua4 support@docevent.io (RSA)
2048 MD5:f3:d6:0d:1d:a0:98:33:4f:b5:ef:f3:0d:e5:e5:e4:9f support@docevent.io (RSA)
How do I use the host key fingerprint?
The first time you log in to our server via sftp, the client presents a host key fingerprint. It should match the fingerprints above; if it does not, you are not connecting to our server. For example:
$ sftp uuid1234/username@sfs-ap-southeast-2.docevent.io
The authenticity of host 'sfs-ap-southeast-2.docevent.io (54.66.204.53)' can't be established.
RSA key fingerprint is SHA256:vgxrsQY4LuABBPrAIdBHQSF+UQgF5PuWzsqtLYSAua4.
Are you sure you want to continue connecting (yes/no)?
Once you have checked that the fingerprint is authentic, you can continue your session by choosing yes.
The key is then added to the list of safe keys for this hostname, and you will not be asked this question again.
What is the host public key?
The SSH host public key is below:
AAAAB3NzaC1yc2EAAAADAQABAAABAQDjg6TG3+z+ejP+0DJQvStED4oCwGtpO4juHuUkrd+YTVr7FYer/pufkP4DY5Xqk0/ZiGArbDSrsuSW1WCr7PSFNyMSOC/yus0omUNpxbJs/mblVryJ8k/KT9Vf62zeFJPrCP/uog3rlSlvs/13c8CLBW80tafPNeELakbMuVG+J9tChuqVm3DwlX2HqnPch7MYG8AhqSMHmsn+qWtwSiaidwhqA+Mo6qWAmz0Hs9D9IVkkwRysV7weJLZE2KJjQ/Qf8wnT2knxQvUwqTKBlhG4G81JuDIE1+3n6+aK9ZAGWJxECgKwd0jsmsAdO9AAfXziGKKq3ib7xtsQppDsOknx
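The fingerprints and the public key above can be checked against each other offline, before any connection is made. The following is an added example, not DocEvent.io's own code: it recomputes both fingerprint formats from the published key blob, compares them with the published values, and prints a known_hosts entry that pins the key so the first connection does not depend on the interactive prompt. The function names are this example's own.

```python
import base64
import hashlib

# Values copied from this page; the key blob is split only for line length.
HOST = "sfs-ap-southeast-2.docevent.io"
PUBLISHED = {"sha256": "SHA256:vgxrsQY4LuABBPrAIdBHQSF+UQgF5PuWzsqtLYSAua4",
             "md5": "MD5:f3:d6:0d:1d:a0:98:33:4f:b5:ef:f3:0d:e5:e5:e4:9f"}
HOST_KEY_B64 = (
    "AAAAB3NzaC1yc2EAAAADAQABAAABAQDjg6TG3+z+ejP+0DJQvStED4oCwGtp"
    "O4juHuUkrd+YTVr7FYer/pufkP4DY5Xqk0/ZiGArbDSrsuSW1WCr7PSFNyMS"
    "OC/yus0omUNpxbJs/mblVryJ8k/KT9Vf62zeFJPrCP/uog3rlSlvs/13c8CL"
    "BW80tafPNeELakbMuVG+J9tChuqVm3DwlX2HqnPch7MYG8AhqSMHmsn+qWtw"
    "SiaidwhqA+Mo6qWAmz0Hs9D9IVkkwRysV7weJLZE2KJjQ/Qf8wnT2knxQvUw"
    "qTKBlhG4G81JuDIE1+3n6+aK9ZAGWJxECgKwd0jsmsAdO9AAfXziGKKq3ib7"
    "xtsQppDsOknx"
)

def read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        field = blob[pos + 4:pos + 4 + size]
        if len(blob) - pos < 4 or len(field) != size:
            raise ValueError("truncated key blob")
        fields.append(field)
        pos += 4 + size
    return fields

def describe_key(key_b64):
    """Return key type, RSA modulus size and both fingerprint formats."""
    blob = base64.b64decode(key_b64, validate=True)
    fields = read_fields(blob)  # ssh-rsa layout: type, exponent, modulus
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    return {"type": fields[0].decode("ascii"),
            "bits": int.from_bytes(fields[-1], "big").bit_length(),
            "sha256": "SHA256:" + sha,
            "md5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))}

def known_hosts_line(host, key_b64):
    """Entry that pins the key before the first connection."""
    return f"{host} {describe_key(key_b64)['type']} {key_b64}"

if __name__ == "__main__":
    info = describe_key(HOST_KEY_B64)
    for name, expected in PUBLISHED.items():
        print(name, info[name], "matches published:", info[name] == expected)
    print(known_hosts_line(HOST, HOST_KEY_B64))
```

If either comparison prints False, do not add the entry to known_hosts; confirm the current fingerprints with the service operator first.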
How do I identify a man in the middle attack?
If the fingerprint changes and no longer matches the fingerprint stored from your earlier connection, you will receive a message:
$ sftp uuid1234/username@sfs-ap-southeast-2.docevent.io
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:1ugNm50ITJ8CQOkw6JvDZc47KezXUg5DTZ7Y3H3mVsA.
Please contact your system administrator.
At this point you need to investigate why you are receiving this message. There are a few possibilities, but it is generally because traffic is being routed to another server not owned by DocEvent.io. Some examples are:
- DNS has been altered
- Internet routing tables are modified
For more information, see the Wikipedia article on man-in-the-middle attacks.