VMware Cloud Community
PleaseLetMeDown
Contributor
Contributor
Jump to solution

ESXi Thumbprint Mismatch Putty

Hello All,

After much frustration of trying to figure it out, I give up.  Does anyone know how to get Putty to display the matching ESXi thumbprint?  I do not get the same thumbprint from Putty when connecting to an ESXi 6.5 host compared to the thumbprint shown in ESXi support info or rui.crt.

See below:

pastedImage_0.png

I am assuming it is a different key type but I cannot figure out how to get openssl to display the key Putty is displaying.  Can anyone please help me.

Thanks,

Robert

Reply
0 Kudos
1 Solution

Accepted Solutions
PleaseLetMeDown
Contributor
Contributor
Jump to solution

cd to /usr/lib/vmware/openssh/bin/

./ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub -E md5

          [root@host:/usr/lib/vmware/openssh/bin] ./ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub -E md5

          2048 MD5:19:c7:13:ee:6f:71:07:08:6e:88:4c:aa:eb:26:69:7f no comment (RSA)

View solution in original post

Reply
0 Kudos
6 Replies
NirbhayRathore
Contributor
Contributor
Jump to solution

It is just informing you that that your local machine has different Key associated with this IP.

Did you reinstall the ESXi host or used the same management IP for another Linux Machine or ESXi host ?

Reply
0 Kudos
IRIX201110141
Champion
Champion
Jump to solution

Why you think that a SSL Key of a OpenSSL service would be the same as a HTTPS Cert Key from WebServer?

Regards,

Joerg

Reply
0 Kudos
PleaseLetMeDown
Contributor
Contributor
Jump to solution

The host has been upgraded.  But there are not saved keys from the past on my computer.  I am looking in Computer\HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\

Thanks,

Robert

Reply
0 Kudos
PleaseLetMeDown
Contributor
Contributor
Jump to solution

I am trying to SSH to the ESXi server.  This is the host key.  I checked and the host certificate is also used connecting though the browser.

Thanks,

Robert

Reply
0 Kudos
PleaseLetMeDown
Contributor
Contributor
Jump to solution

I don't know how this was marked as answered.  Does everyone just ignore the certificate prompts and blindly accept?

Here is the certificate thumbprint:when trying to initiate an SSH connection(no saved key):

pastedImage_1.png

Here is the host certificate from the browser:

pastedImage_2.png

It is the same thumbprint as the host support info.

Am I misunderstanding ESXi? Is the SSH server certificate different than the certificate in /etc/vmware/ssl/?

Thanks,

Robert

Reply
0 Kudos
PleaseLetMeDown
Contributor
Contributor
Jump to solution

cd to /usr/lib/vmware/openssh/bin/

./ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub -E md5

          [root@host:/usr/lib/vmware/openssh/bin] ./ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub -E md5

          2048 MD5:19:c7:13:ee:6f:71:07:08:6e:88:4c:aa:eb:26:69:7f no comment (RSA)

Reply
0 Kudos