Hi Stefan,
this helped a bit, but “Use host key > Fingerprint” only supports MD5 fingerprint entries.
But the response from the destination host sshd via secure gateway tunnel is ssh-rsa SHA256.
So, getting the MD5 fingerprint from a machine only reachable behind a tunnel is not easy imho.
I was hopping manually and used the way from https://superuser.com/questions/929566/sha256-ssh-fingerprint-given-by-the-client-but-only-md5-fingerprint-known-for-se to find out the MD5 fingerprint, but this is a pain, if I should do this for all machines before I can use them via gateway.
Isn’t there a way to automatically put such a fingerprint to the machine’s “Advanced > SSH Settings > General: Use host key > Fingerprint” entry (with support for modern hashed fingerprints and not only MD5)?
If I connect to a new secure gateway for example it also puts the MD5 fingerprint automatically to the “Advanced > Security > General : Fingerprint” entry.
Since you are using the PuTTY plugin there's not much we can do. When you use the Rebex plugin we can do more in this regard. Sorry to be the bearer of bad news.
Hi Stefan,
I tried Rebex terminal plugin for the destination host connection using the same (rebex based) Secure Gateway with enabled Pageant Auth. Agent.
It shows me a responded ssh-dss fingerprint from the destination host, which can be written in the connection object. So far, so good.
But after that, it asks for an SSH Auth. Request and asks for credentials.
I already also configured the Pageant Auth. Agent in the host connection object, but this does not seem to work.
If I connect to the gateway host using the Rebex plugin with Pageant and then connect to the destination host via ssh, this works without any additional authentication.
What is the issue now ?O.o?
Not sure what’s going on but I suggest you enable verbose logging to see the communication/flow of the ssh connection.
Hmm, another issue seems to be that Rebex has no option to forward X11, which definitely is needed for our business.
So, I think, I still have to go with PuTTY plugin and need to determine all MD5 fingerprints of the hosts.
But thanks anyway.
That’s true, X11 forwarding is only available using PuTTY.
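The per-host MD5 lookup discussed in this thread can be scripted. The following is an added example, not code from any poster or from the PuTTY or Rebex plugins: it derives both the MD5 and the SHA256 fingerprint from a public host key line, so the SHA256 value the server presents can be matched to the MD5 value to store. It assumes input lines in the `host keytype base64` form that `ssh-keyscan` prints, collected from a machine you trust that can reach the hosts; the function names and the sample key are constructed for illustration, and the colon-separated MD5 output is the OpenSSH style, which may need adjusting for the Fingerprint field.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def fingerprints(line: str) -> dict:
    """Return MD5 and SHA256 fingerprints for one 'host keytype base64' line."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    host, keytype, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob carries its own key type; reject lines where the declared
    # type and the embedded type disagree (truncated or edited input).
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("declared key type does not match key blob")
    # Both fingerprints are hashes of the same raw public key blob.
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "host": host,
        "keytype": keytype,
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha,
    }


def constructed_line(host: str) -> str:
    """Build a sample line from a constructed (not real) ssh-rsa key blob."""
    e = b"\x01\x00\x01"
    n = b"\x00\xc1" + bytes(range(1, 256))  # dummy 2048-bit modulus
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(e) + _ssh_string(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    # Constructed host names; replace with real ssh-keyscan output lines.
    for h in ("host-a.example", "host-b.example"):
        fp = fingerprints(constructed_line(h))
        print(fp["host"], fp["keytype"], fp["md5"], fp["sha256"])
```

Compare the printed SHA256 value with the one shown at connection time before storing the matching MD5 value.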