ssh-fingerprints/hashes of the public-keys for our login-nodes (all host-keys got exchanged in the service window 26/27 of July 2020)

This page is easily locatable with the keyword “fingerprint” on our homepage. Please always check when connecting the first time to our GBAR/HPC-setup that the fingerprints on this homepage are matching with the ones your ssh-client is asking you to confirm. Each server has a unique fingerprint. Also keep in mind that “different names” might cause trouble.

( and are pointing to the same machine, but have “different hostnames”, which create different entries in your local ~/.ssh/known_hosts file.)

Valid fingerprints after the 26/07/2020 service window:
4096 SHA256:YUSTE2mAA8ObrzhJlEZaVFXdUOP+ax8Ax8e9ObjlDOY (RSA)
256 SHA256:dgbs90pstBovEJm8kXWkYTmeJNqNWTNheOEPEvZCBCI (ED25519)
4096 MD5:dc:a6:71:56:e9:b0:0f:31:1f:11:dc:ff:e7:77:81:7b (RSA)
256 MD5:fe:f3:70:30:a9:f2:f3:e2:c5:7a:cc:b2:8a:5f:31:3c (ED25519) 4096 SHA256:yPlWh07d1a6YtUNPJRT0NdxYDUXD56ZBMJiS3h/tQmI / (RSA) 256 SHA256:vfc+kYH+/Vjgk9Ifq1ZsxPm2bOFfC/Z535T7sMSO1ps / (ED25519) 4096 SHA256:5vnARbg5huPjAKBPxxj779UYp/1312WIEcCOcY6zki4 (RSA) 256 SHA256:c3YBugAWV8dhOfi07R+kmtk+RRd50tZ5tjm0wFjJmtQ (ED25519) 4096 SHA256:Tdu8DxECjRCKKGCFaNdUo31/ys62td9YIDkertWQkZU / (RSA) 256 SHA256:rVEL/26JE4fF0C9U/yZaVc9uXJCf7c5xlErG8hotjgU / (ED25519) 4096 SHA256:3vb5eJYHs75ATk9oNktHJ5ZY5JoBxd3cuHNYxfzRh9M (RSA) 256 SHA256:0TWdGR8PUDqnr0QsU5VXNCmUuT8vedL6wPBHF1WXnOk (ED25519) 4096 SHA256:XimxoGl38Mv0uCDGBYt/WKSA0h+BZNYtqxk7bjxdUPA (RSA) 256 SHA256:m1aeLCrLRwt9VTLcjOCJlKceFPnWNK6OW1yRb7Y789E (ED25519)


We have tightened our ssh-security a little bit. To be able to connect to our setup your ssh-version needs to be OpenSSH-7.4-(or compatible) or newer. The newest putty&similar also work nicely. Outdated&Unsupported Linux-Distributions and almost outdated-Linux-Distributions (like Redhat-6.x) are not “new” enough to be able to connect to our systems.

Problematic are also ssh-clients based on “not really up-to-date” java-based ssh-libraries which are sometimes hidden within “commercial products” which don’t want to be named on this page. If you encounter such a problem when trying to connect within DTU to our systems: please open a ticket:

ssh-agent forwarding is disabled due to security-considerations.

When using ssh-public-key-authentication: please use RSA with 4096 bits or the Elliptic-Curve-Krypto based on ed25519. Other “oldfashioned-crypto” like DSA&EDCSA as public-key-authentication will be blocked at the end of the year 2020.

But… ssh-client is complaning now…..How to get a valid-key again?

After this service window you can remove old keys manually either with editing your


-file and removing the offending lines or with this command:

ssh-keygen -R <hostname>

so….for example:

ssh-keygen -R

And then ssh into again and check the key which is offered with the one on the top of this page and then confirm the fingerprint/hostkey.

But…this is messy: ssh-host-key-exchange(s) and how to get new keys in the future:

To get the updated public-host-keys in the future, please put this into your ~/.ssh/config (then your ssh-client is able to update your local ~/.ssh/known_hosts-file with updated keys and will remove old keys):

# ~/.ssh/config
Host * *
ServerAliveInterval 30 UpdateHostKeys yes

or make sure, that your ssh-client is asking you before doing any changes:

# ~/.ssh/config
Host * * ServerAliveInterval 30 UpdateHostKeys ask