I have installed a new VyOS router and the first time connecting to it with SSH it asks me to verify the fingerprint. Out of curiosity I tried to find the fingerprint on the console to compare to and had no luck. Also had no luck hunting in the documentation (which I have found very good IMHO), ‘Googling’ or searching in this forum. TIA
Version: VyOS 1.3-rolling-202309140800
On the server (VyOS):
for PUBKEY in /etc/ssh/*.pub; do ssh-keygen -l -v -E sha256 -f ${PUBKEY}; done
On the client:
To verify connection:
ssh -o VisualHostKey=yes -o FingerprintHash=sha256 <HOST>
To verify stored fingerprint(s):
ssh-keygen -l -v -F <HOST>
Note that if you connect using FQDN (host.example.com) vs if you connect using IP-address thats considered two different hosts by the fingerprint db.
I think this would be a great op-mode command such as show ssh or show ssh fingerprints to display the fingerprints of the VyOS but also hint the user what commands to use to verify this locally in the client aswell.
Please file this as a feature request over at https://vyos.dev (or let me know if you want me to do it for you?).
Thanks that worked perfectly!
I will have a crack at filing it as a feature request and let you know if I get stuck. Many Thanks
I tried to create an account but I’m still waiting for approval… 
Finally got there - T5653. Hopefully the correct level of detail. Cheers
I finally got around to running up a version 1.5 and the first thing I did was have a look at this new functionality. perfect. Thank you everyone. 
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.