Re: ssh fingerprint mismatch for one single client
Le 20/09/2020 à 18:59, Beco a écrit :
> I mean the numbers are completely different.
> PUTTY: not only different, but it appears to get a ED25519 which is not
> on the server.
> SSH powershell: It gets ECDSA, which is the algorithm accepted, but a
> completely different hex code.
>
> If I run on my notebook the command:
> My answer is OK
>
> $ nmap -p22 -n --script ssh-hostkey the.server.in.question
> Starting Nmap 7.70 ( https://nmap.org ) at 2020-09-19 19:12 -03
> Nmap scan report for the.server.in.question (198.200.100.50)
> Host is up (0.0055s latency).
> PORT STATE SERVICE
> 22/tcp open ssh
> | ssh-hostkey:
> | 2048 33:44:55:66:77:88:99:11:22:33:44:55:66:77:aa:bb (RSA)
> | 256 cc:99:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee (ECDSA)
> Nmap done: 1 IP address (1 host up) scanned in 1.05 seconds
>
> My notebook (external) shows correct server IP and the 2 accepted
> fingerprints.
>
>
>
> On Bob's notebook:
>
> $ nmap -p22 -n --script ssh-hostkey the.server.in.question
> Starting Nmap 7.70 ( https://nmap.org ) at 2020-09-19 18:12 -03
> Nmap scan report for the.server.in.question (198.200.100.50)
> Host is up (0.0055s latency).
> PORT STATE SERVICE
> 22/tcp open ssh
> | ssh-hostkey:
> | 2048 12:34:56:78:9c:cd:dc:cd:de:ef:f0:01:12:13:14:15 (RSA)
> | 256 5b:6b:4b:3b:2b:1b:8b:2b:7b:9b:9b:0b:3b:5b:4b:3b (ECDSA)
> |_ 256 a1:a2:a3:a4:a5:a6:a7:a8:a9:a0:a1:a2:a3:a4:a5:a6 (ED25519)
> Nmap done: 1 IP address (1 host up) scanned in 1.05 seconds
>
> All wrong.
>
Very strange, could be a router in your network that NAT his connection
to the wrong server. Have you tried to scan other servers in your
network to look for the same fingerprints?
I can't see how he can get back answering packets with the right IP but
not the right fingerprint if a network device wasn't changing the IP
somewhere on the route between him and the server.
Reply to: