Access Security Guide K/KA/KB.15.15

Displaying the Public Key
The switch provides three options for displaying its public key. This is helpful if you need to
visually verify that the public key the switch is using for authenticating itself to a client matches
the copy of this key in the client's "known hosts" file:
Non-encoded ASCII numeric string
Requires a client ability to display the keys in the "known hosts" file in the ASCII format.
This method is tedious and error-prone due to the length of the keys. See Figure 165
(page 231).
Phonetic hash
Outputs the key as a relatively short series of alphabetic character groups. Requires a
client ability to convert the key to this format.
Hexadecimal hash
Outputs the key as a relatively short series of hexadecimal numbers. Requires a parallel
client ability.
For example, on the switch, generate the phonetic and hexadecimal versions of the switch
public key in Figure 165 (page 231) as follows:
Figure 167 Visual phonetic and hexadecimal conversions of the switch public key
The two commands shown in Figure 167 (page 232) convert the displayed format of the switch
(host) public key for easier visual comparison of the switch public key to a copy of the key in
a client's "known hosts" file. The switch has only one RSA host key. The 'babble' and 'fingerprint'
options produce two hashes for the key--one that corresponds to the challenge hash you will
see if connecting with a v1 client, and the other corresponding to the hash you will see if
connecting with a v2 client. These hashes do not correspond to different keys, but differ only
because of the way v1 and v2 clients compute the hash of the same RSA key. The switch
always uses an ASCII version of its public key, without babble or fingerprint conversion, for
file storage and default display format.
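The guide names the two hash forms but not how a client arrives at them. As an added example (not from the guide or the switch firmware), the Python below computes, for one RSA host key, the hexadecimal hash (MD5, colon-separated) and the phonetic hash (Bubble Babble over SHA-1) the way OpenSSH-style clients do: a v2 client hashes the "ssh-rsa" wire-format key blob, while a v1 client hashes the raw modulus and exponent, so the same key yields two different hashes. The function names, the toy key values and the known_hosts line layout are the example's own assumptions.

```python
# Added example, not from the HP guide: the hexadecimal and phonetic hashes an SSH
# client derives from one RSA host key, and why the v1 and v2 forms differ. Stdlib only.
import base64
import hashlib
TOY_N, TOY_E = 61 * 53, 17  # constructed toy modulus/exponent, not a real key

def _raw(x: int) -> bytes:  # minimal big-endian magnitude of x
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def ssh_mpint(x: int) -> bytes:
    """SSH 'mpint': length-prefixed big-endian value, 0x00-padded if the top bit is set."""
    b = _raw(x)
    if b and b[0] & 0x80:
        b = b"\x00" + b
    return len(b).to_bytes(4, "big") + b

def rsa_blob_v2(n: int, e: int) -> bytes:
    """What a v2 client hashes: the 'ssh-rsa' key blob (name string, mpint e, mpint n)."""
    return b"\x00\x00\x00\x07ssh-rsa" + ssh_mpint(e) + ssh_mpint(n)

def rsa_blob_v1(n: int, e: int) -> bytes:
    """What an OpenSSH v1 (RSA1) client hashes: raw modulus followed by raw exponent."""
    return _raw(n) + _raw(e)

def bubble_babble(data: bytes) -> str:
    """Phonetic hash: Bubble Babble encoding, as OpenSSH applies it to SHA-1 of the blob."""
    vowels, cons = "aeiouy", "bcdfghklmnprstvzx"
    seed, out, rounds = 1, ["x"], len(data) // 2 + 1
    for i in range(rounds):
        if i + 1 < rounds or len(data) % 2:  # a full pair, or the trailing odd byte
            b0 = data[2 * i]
            out.append(vowels[((b0 >> 6 & 3) + seed) % 6] + cons[b0 >> 2 & 15]
                       + vowels[((b0 & 3) + seed // 6) % 6])
            if i + 1 < rounds:  # second byte of the pair exists
                b1 = data[2 * i + 1]
                out.append(cons[b1 >> 4 & 15] + "-" + cons[b1 & 15])
                seed = (seed * 5 + b0 * 7 + b1) % 36
        else:  # even-length input: final group comes from the seed alone
            out.append(vowels[seed % 6] + "x" + vowels[seed // 6])
    return "".join(out) + "x"

def fingerprints(blob: bytes) -> tuple:
    """(hexadecimal, phonetic): colon-separated MD5, and Bubble Babble of SHA-1."""
    md5 = hashlib.md5(blob).hexdigest()
    return (":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            bubble_babble(hashlib.sha1(blob).digest()))

def known_hosts_fingerprints(line: str) -> tuple:
    """Fingerprints of the key in one '<host> ssh-rsa <base64>' known_hosts line."""
    return fingerprints(base64.b64decode(line.split()[2]))
```

Comparing `fingerprints(rsa_blob_v2(n, e))` with `fingerprints(rsa_blob_v1(n, e))` for the same n and e shows the two distinct hashes the 'babble' and 'fingerprint' options print; the known_hosts helper lets you check a client-side entry against the v2 pair.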
232 Secure Shell (SSH)