Some tasks that involve communication with a remote server require that you provide the SSH fingerprint for the remote server. The SSH fingerprint is derived from a host key on the remote server.

To connect using SSH, the NSX Manager and the remote server must have a host key type in common. NSX Manager supports the ECDSA (256 bit) key. The default location of this key is /etc/ssh/ssh_host_ecdsa_key.pub.

Having the fingerprint for a remote server helps you confirm you are connecting to the correct server, protecting you from man-in-the-middle attacks. You can ask the administrator of the remote server to provide the SSH fingerprint of the server. Or you can connect to the remote server to find the fingerprint. Connecting to the server over console is more secure than over the network.

Procedure

  1. Log in to the remote server as root.
    Logging in using a console is more secure than over the network.
  2. Locate the ECDSA (256 bit) key. The default location of the key is /etc/ssh/ssh_host_ecdsa_key.pub. 
    $ ls -al /etc/ssh/*pub
-rw-r--r-- 1 root root  93 Apr  8 18:10 ssh_host_ecdsa_key.pub
-rw-r--r-- 1 root root 393 Apr  8 18:10 ssh_host_rsa_key.pub
  3. Get the fingerprint of the key. 
    ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub | awk '{print $2}'