Subject: Re: Same host or different? How can you tell "over the wire"?
From: Kevin Day
Date: Wed, 21 Mar 2018 19:37:08 -0700
To: "Ronald F. Guilmette"
Cc: freebsd-net@freebsd.org

> On Mar 21, 2018, at 4:47 PM, Ronald F. Guilmette wrote:
>
> But your question certainly raises an interesting possibility, and an
> interesting question... one that I myself am not at all equipped or
> qualified to answer (because I am almost totally ignorant about even
> the bare mechanics of the SSH protocol): How could one tickle an open
> SSH port and obtain from it not just its greeting banner (which may be,
> and often is, rather generic and non-specific) but also so as to get
> the host's host-specific public key?

Does the ssh-keyscan tool do what you want?

# ssh-keyscan github.com
# github.com:22 SSH-2.0-libssh_0.7.0
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

Unless you've copied the host ssh keys manually, this will be unique to the system.
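
Added example, not part of the message above and not code from OpenSSH or FreeBSD: one way to apply the ssh-keyscan suggestion to several addresses at once is to group the scan output by host-key fingerprint, so that addresses presenting the same key stand out as one host (or as hosts whose keys were copied). The function names, addresses, banner line and key blobs are constructed for illustration.

```python
import base64
import hashlib
from collections import defaultdict

def fingerprint(b64_blob):
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    raw = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def group_by_host_key(keyscan_output):
    """Map (key type, fingerprint) -> sorted hosts that presented that key."""
    groups = defaultdict(set)
    for line in keyscan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # "# host:22 SSH-2.0-..." banner lines
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # truncated line
        hosts, key_type, blob = fields[:3]
        try:
            fp = fingerprint(blob)
        except ValueError:  # binascii.Error: blob is not valid base64
            continue
        for host in hosts.split(","):  # known_hosts style "name,address"
            groups[(key_type, fp)].add(host)
    return {key: sorted(hosts) for key, hosts in groups.items()}

def shared_keys(groups):
    """Keep only keys presented by more than one scanned address."""
    return {key: hosts for key, hosts in groups.items() if len(hosts) > 1}

def make_blob(seed):
    """Constructed stand-in for a key blob; not a real SSH public key."""
    return base64.b64encode(seed).decode()

# Constructed sample in ssh-keyscan's output format (documentation addresses).
SAMPLE = "\n".join([
    "# 192.0.2.10:22 SSH-2.0-OpenSSH_7.5",
    "192.0.2.10 ssh-ed25519 " + make_blob(b"constructed-host-key-A"),
    "192.0.2.11 ssh-ed25519 " + make_blob(b"constructed-host-key-A"),
    "198.51.100.7 ssh-ed25519 " + make_blob(b"constructed-host-key-B"),
    "198.51.100.7 ssh-rsa not*base64",
])

if __name__ == "__main__":
    for (key_type, fp), hosts in shared_keys(group_by_host_key(SAMPLE)).items():
        print(key_type, fp, "presented by", ", ".join(hosts))
```

Compare keys of the same type only: a host normally offers one key per algorithm, so an ssh-rsa key and an ssh-ed25519 key from the same machine will never match each other.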