I’ve been learning how to properly confirm fingerprints when connecting to a server via SFTP. This involves confirming an SSH key pair on the server and my local machine. I followed the WPEngine guide below recently to show me how to generate an SSH key pair, and how to check the fingerprints.
The main steps were:
- Generate a new key with the Mac command:
ssh-keygen -t ed25519 -f ~/.ssh/wpengine_ed25519 - Retrieve the key file content, and paste into your WPE SSH keys. Use the following command to generate the public key file content:
cat ~/.ssh/wpengine_ed25519.pub - Print the public key to your Mac using the following command. Check that the key printed in the terminal on your Mac, and the key on the server match. Command to print public key:
ssh-keygen -E md5 -lf ~/.ssh/wpengine_ed25519.pub
The public key pair is different than the one shown when connecting via SFTP. The format is different. However, when connecting via SFTP, I selected “Key file” under “Logon Type.” Then I selected the private “wpengine_ed25519” key from above. Since I have used this SSH key to connect, and verified the fingerprint from my Mac to my Server by printing the public key with the command ssh-keygen -E md5 -lf ~/.ssh/wpengine_ed25519.pub, everything should be good to go.
There is a way to check the fingerprint that is displayed during the Filezilla connection initiation as well, but I don’t yet know how to do that in WPE.
Cheers,
Omar S.