By: quazirfan

How to find the fingerprint of my droplet?

January 17, 2017 481 views
DigitalOcean Ubuntu 16.04

When I log in to my droplet for the first time using a password, I see the following:

The authenticity of host '138.197.19.221 (138.197.19.221)' can't be established.
ECDSA key fingerprint is SHA256:qwR9naUT7NA6RrLSnu9RQ/jR1fJ2K5eakv52ONEyuOE.
Are you sure you want to continue connecting (yes/no)? 

My understanding is that I can find the same fingerprint for my droplet on the DigitalOcean website, and if they match, I am connecting to the right droplet.

Is my understanding correct? If yes, then where do I find the fingerprint of my droplet on the DigitalOcean website?

2 Answers

@quazirfan

You can find your SSH Key fingerprints in the DigitalOcean Control Panel. Simply log in and click on the avatar icon in the top right corner (there's a dropdown arrow next to it). From there, click on Settings and then from the left side menu, click on Security.

  • I don't see a fingerprint under Settings > Security. Here is a screenshot of the page: http://i39.photobucket.com/albums/e179/iamcreasy/Untitled_zps3x1eomzf.jpg

    I haven't added any public SSH key to my account yet. But that shouldn't affect my droplet's fingerprint.

    • @quazirfan

      You're seeing that message because your local computer has never connected to it before, thus it's asking you to confirm that you really want to connect.

      Once you connect, that server will be stored to what is referred to as your "known hosts", which is a file that contains the fingerprints for servers you've authorized and connected to.

      You can't physically pull the web server's fingerprint from within the control panel or using the API. You can, however, pull the fingerprint of an SSH Key, though since you do not have an SSH Key stored, you would have to first store one and then access it using the method above or using the API.

      The only real purpose of the web server fingerprint is to identify servers that you have and have not connected to. For those you've not connected to, you'll get a message like the above. For those you have connected to and authorized, you'll either be asked for your username & password, just the password, or the password associated with your SSH Key.

      • You can't physically pull the web servers fingerprint from within the control panel or using the API.

        Yes, that's what I was asking. How/where can I find the fingerprint of the server?

        I've found a way. I accessed the terminal of the system and ran the following command, and it gives me the fingerprint of the server.

        ssh localhost
        

        But from the output it looks like the system is trying to connect with itself...

        • @quazirfan

          The fingerprint you're seeing when attempting to connect for the first time isn't something that's managed by DigitalOcean -- it's managed locally by your OS.

          Its purpose is to alert you when your local machine doesn't recognize the machine you're connecting to. When your machine (laptop, desktop, etc.) doesn't recognize the machine you're connecting to, you'll get that prompt. When it does, you'll only be prompted for a username & password, a password, or the password of your SSH key -- it just depends on how you're connecting (i.e. what you pass to the ssh command) and whether you have an SSH key on that machine and a valid private key locally.

          How it's managed is through your known hosts file. This varies by OS in terms of location. For example, on MacOS, it's located in ~/.ssh/known_hosts. That file is where the fingerprint you're seeing gets stored. It's not stored on your Droplet or elsewhere.

          The only time you'll be able to pull a fingerprint from DigitalOcean is when you have valid SSH keys assigned to your account. When you do, you can access the API and pull down various sorts of information and use it to your liking, but the fingerprint you're seeing isn't something that's included in that pull, or even outside the API.

          When you run:

          ssh localhost
          

          You're attempting to connect to your local machine :-).
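Added example, not part of the original thread: the SHA256 fingerprint in the SSH prompt is the unpadded base64 SHA-256 digest of the server's host public key, so it can be recomputed from a public key line read on the server's own terminal (standard OpenSSH stores these in /etc/ssh/ssh_host_*_key.pub) and compared with the prompt. The sample key below is constructed for illustration and the function names are hypothetical.

```python
import base64
import hashlib
import struct


def fingerprint(pubkey_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of '<type> <base64> [comment]'."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type, b64_blob = fields[0], fields[1]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob begins with a length-prefixed copy of the key type.
    # A mismatch means the line was edited or truncated, so refuse it.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the encoded blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the digest as base64 with the '=' padding removed.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_prompt(pubkey_line: str, prompt_fingerprint: str) -> bool:
    """True only if the key hashes to the fingerprint the SSH client displayed."""
    return fingerprint(pubkey_line) == prompt_fingerprint.strip()


def _ssh_string(data: bytes) -> bytes:
    # SSH wire format: 4-byte big-endian length followed by the bytes.
    return struct.pack(">I", len(data)) + data


# Constructed sample key (NOT a real host key): an ed25519 blob with dummy bytes.
# On a real server, use the contents of /etc/ssh/ssh_host_ecdsa_key.pub instead.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " root@droplet"

# Fingerprint quoted in the question's first-connection prompt.
PROMPT_FROM_QUESTION = "SHA256:qwR9naUT7NA6RrLSnu9RQ/jR1fJ2K5eakv52ONEyuOE"

if __name__ == "__main__":
    print(fingerprint(SAMPLE_LINE))
    # The constructed key is unrelated to the question's server, so this is False.
    print("matches prompt:", matches_prompt(SAMPLE_LINE, PROMPT_FROM_QUESTION))
```

Running `ssh-keygen -lf` on the same public key file prints the same value; a mismatch between that output and the client's prompt means the client is not talking to that server.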

https://github.com/lucaszanella/digital-ocean-fingerprint-fix

This is the simplest fix I could think of using already existing concepts.
