This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ilya_Yusupov
Employee
Employee
Monday
In response to the_rock

Thank you @the_rock  🙂

@Asifoxy  - i replicated it in my lab but i'm not sure its a bug 

in my lab i see that for my known host i have 3 options for the fingerprint, when i choose "ecdsa-sha2-nistp256" it worked but if i choose same as in your attachment i will get same results 

 

the fingerprint options - if i choose the first one it works but if i choose last one it will not work, based on the SK looks like we support only SHA256, i suggest to open a TAC ticket in case you see this as an issue.

[Expert@ilya29000-2:0]# ssh-keyscan 10.15.255.131 | ssh-keygen -lf -
# 10.15.255.131:22 SSH-2.0-OpenSSH_7.8
# 10.15.255.131:22 SSH-2.0-OpenSSH_7.8
# 10.15.255.131:22 SSH-2.0-OpenSSH_7.8
256 SHA256:QTmIeCF6wc+6UFpbaT8bDM5Jtd/DOkr1h7eRAoh3kmM 10.15.255.131 (ECDSA)
2048 SHA256:K8VKLJsuzkpmqGV0DPif4MVQMefi3Sy2PwuV3v8ECls 10.15.255.131 (RSA)
256 SHA256:Ap8u/SvBfrGCNVMk76JqO+bbvb6lMQYj2bTNwXwYWao 10.15.255.131 (ED25519)

Good:

ilya29000-2> add ssh hba ipv4-address 10.15.255.131 public-key access-mode online fingerprint QTmIeCF6wc+6UFpbaT8bDM5Jtd/DOkr1h7eRAoh3kmM

 

Bad:

ilya29000-2> add ssh hba ipv4-address 10.15.255.131 public-key access-mode online fingerprint Ap8u/SvBfrGCNVMk76JqO+bbvb6lMQYj2bTNwXwYWao
NMHOST9999 Fingerprint does not match remote public key

 

(1)
Who rated this post