From owner-freebsd-net@freebsd.org Thu Mar 22 02:06:13 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 72B54F5ADF7 for ; Thu, 22 Mar 2018 02:06:13 +0000 (UTC) (envelope-from kurt.buff@gmail.com) Received: from mail-pl0-x22c.google.com (mail-pl0-x22c.google.com [IPv6:2607:f8b0:400e:c01::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id F335A76308 for ; Thu, 22 Mar 2018 02:06:12 +0000 (UTC) (envelope-from kurt.buff@gmail.com) Received: by mail-pl0-x22c.google.com with SMTP id m22-v6so4354530pls.5 for ; Wed, 21 Mar 2018 19:06:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=ilNzd39eAQIr/htNk2NwgHkyF8yOnr5sGBzrtlKfedI=; b=OY9OXj49wFyjCd1sDJKYZ7IuFmiDneyQ1+gfMA4NfaZZaZDBxk5FCLayPQOeSTpI6f A+U+Ny/tWGwyl+YaYTetgWTgoWVBDumDAgxg1irStzzYdkF8SffNPwvyE3DYs3ogyM7V Qg+v44g0AHfFvUP4SIE/UTH1y9Zp9pjNx2JkjXyVeg9Yod2fC8BD2vG2AiNQoZpvFubF UENpOS66hiFCp2zJWAOmPOEgjY1WjtgAwyZYgeireT4Mi5C+WO+VaBBJKU8tTow2fesW RJJegpr26Wo4+XET+31DvMBTavTc/ZRNS41MY3U6VmZ/cwkvi4u8jncVpdcnFv9HmMsB CAhQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=ilNzd39eAQIr/htNk2NwgHkyF8yOnr5sGBzrtlKfedI=; b=j5I7tGXrXxWhW5C8YUeDzbToPhCNowDcl488GWtQfHVNlT5joS6ox9X8hLybUQfDu9 veQUKhIuuT2RWvFRDWc3uMMPuH0bAapewZlyfj4qunbR9HwwxeTxviWUukUFO4FWQPii 4Fa2rWojZ4QQ0R8dEmM3GU7bPyH3qOPcdfddIfOLRCPS3rIJVafWTU/dqyRrG4HakNgt a8qc8idRRwubChgQdwlY79UHb1HWAOaaFpYAA2tsylg9IF1bGPunOG91duh2O15yvwIm ROFKb+GcWU+6mRVk7KXRNVRB0+VYIXA7J6GXCu4il9yqmRJpgQCJIP/T2dzr+zDE++iK SIqA== X-Gm-Message-State: AElRT7G60Fz00PXHzRIhEvf1VSs1j5Hbigq6Dwm3U9mxi7hWwKB2RRVf hpr6QRX9gRo+epiB71Uk7rn4+ZwM8HrJZ9MloHFYDQ== X-Google-Smtp-Source: AG47ELtKWVdVLsMxFNvPkCN9dfr+Lvgey3gfiT0tQPDneh0wh0FfiUPaDMgQrvrkCpzeqnmfcpeI12XdM/NukRefFOs= X-Received: by 2002:a17:902:7008:: with SMTP id y8-v6mr23669985plk.395.1521684371617; Wed, 21 Mar 2018 19:06:11 -0700 (PDT) MIME-Version: 1.0 Received: by 10.236.174.20 with HTTP; Wed, 21 Mar 2018 19:06:11 -0700 (PDT) In-Reply-To: <5755.1521676047@segfault.tristatelogic.com> References: <5755.1521676047@segfault.tristatelogic.com> From: Kurt Buff Date: Wed, 21 Mar 2018 19:06:11 -0700 Message-ID: Subject: Re: Same host or different? How can you tell "over the wire"? To: FreeBSD Net Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Mar 2018 02:06:13 -0000 On Wed, Mar 21, 2018 at 4:47 PM, Ronald F. Guilmette wrote: > > "Kurt Buff" wrote: > In case it was not clear, none of the IPv4 addresses that are of interest, > or that are relevant to my question, are ones for which *I* posses any type > of SSH login credentials. > > But your question certainly raises an interesting possibility, and an > interesting question... one that I myself am not at all equiped or > qualified to answer (because I am almost totally ignorant about even > the bare mechanics of the SSH protocol): How could one tickle an open > SSH port and obtain from it not just its greeting banner (which may be, > and often is, rather generic and non-specific) but also so as to get > the host's host-specific public key? > > (Yes, I am indeed displaying an unforgivable level of laziness here. > I can and most probably should, and most probably eventually -will- > just go off now and read the relevant RFCs, but if anyone wants to save > me the trouble, just for this one question, that would be appreciated.) Well, I'm not expert myself, but when I use putty from my Windows machine to talk with an ssh server that it's not seen before, I get a popup talking about the host ssh key which is new to putty., and that happens any time, e.g., the IP address of the machine changes. This query: https://www.google.com/search?q=scan+host+collect+ssh+key&ie=utf-8&oe=utf-8 reveals this tool: http://rc.quest.com/man.php?id=ssh-keyscan%281%29 which might be useful to you, and I do indeed see the man page for it on my box. Kurt