How do I get SSH to prompt me with the RSA key instead of the ECDSA key?

You can also tell the server what algorithm to use from the client (for example, if you already have the RSA fingerprint written down and are physically far from the server):

  ssh -oHostKeyAlgorithms='ssh-rsa' host

Don't use RSA since ECDSA is the new default. Newer things are sometimes better. Default things are often better for the convenience of most people. A new thing that is a default thing is very probably better for most people.

On the server do this:

  ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub

and record that number.

On the client you can SSH to the host and if and when you see that same number, you can answer the prompt

  Are you sure you want to continue connecting (yes/no)?

affirmatively. Then the ECDSA key will get recorded on the client in the known_hosts file at the default location so that future use of ssh will not require you to acknowledge the identity of the remote host.

Addendum:

If you will ever stop using that remote host, perhaps because it is a cloud server that you have deleted, then delete the record from the known_hosts file via:

  ssh-keygen -R 255.255.255.255

or something like that.


Yes, OK switch to ECDSA soon, but in the meantime try this:

  ssh -oHostKeyAlgorithms=ssh-rsa -o FingerprintHash=md5 [email protected]
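
The answers above compare a fingerprint recorded at the server with the one the client shows, in either the default SHA256 form or the MD5 form selected by FingerprintHash=md5. The following is an added example, not code from any of the answers: it derives both forms from a public key line and checks them against a recorded value. The function names and the sample keys are assumptions made for illustration; the keys are constructed placeholder bytes.

```python
import base64
import hashlib
import struct


def make_pub_line(key_type, *fields):
    """Build a constructed .pub line from SSH wire-format string fields."""
    parts = [key_type.encode(), *fields]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-sample"


def parse_pub_line(line):
    """Return (key_type, blob); reject a line whose label disagrees with the blob."""
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + n].decode("ascii", "replace")
    if embedded != declared:
        raise ValueError(f"line says {declared!r}, blob says {embedded!r}")
    return declared, blob


def fingerprint(blob, hash_name="sha256"):
    """Format the digest of the key blob the way ssh-keygen -l prints it."""
    if hash_name == "sha256":
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    if hash_name == "md5":
        hexd = hashlib.md5(blob).hexdigest()
        return "MD5:" + ":".join(hexd[i:i + 2] for i in range(0, 32, 2))
    raise ValueError(f"unsupported hash {hash_name!r}")


def matches_recorded(pub_line, recorded):
    """True only if the key hashes to the fingerprint written down earlier."""
    if not recorded.startswith(("SHA256:", "MD5:")):
        raise ValueError("recorded fingerprint needs a SHA256: or MD5: prefix")
    _, blob = parse_pub_line(pub_line)
    hash_name = "md5" if recorded.startswith("MD5:") else "sha256"
    return fingerprint(blob, hash_name) == recorded


# Constructed sample keys: placeholder bytes, not valid curve points.
SERVER_KEY = make_pub_line("ecdsa-sha2-nistp256", b"nistp256", b"\x04" + bytes(range(64)))
OTHER_KEY = make_pub_line("ecdsa-sha2-nistp256", b"nistp256", b"\x04" + bytes(64))

if __name__ == "__main__":
    key_type, blob = parse_pub_line(SERVER_KEY)
    recorded = fingerprint(blob, "md5")  # what was written down at the server
    print(key_type, fingerprint(blob), recorded)
    print("same key:", matches_recorded(SERVER_KEY, recorded))
    print("different key:", matches_recorded(OTHER_KEY, recorded))
```

The fingerprint is a hash of the decoded base64 field only, so the comment at the end of a .pub line does not affect it, and the RSA and ECDSA host keys of the same server have unrelated fingerprints.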
