Le 20/09/2020 à 18:59, Beco a écrit : > I mean the numbers are completely different. > PUTTY: not only different, but it appears to get a ED25519 which is not > on the server. > SSH powershell: It gets ECDSA, which is the algorithm accepted, but a > completely different hex code. > > If I run on my notebook the command: > My answer is OK > > $ nmap -p22 -n --script ssh-hostkey the.server.in.question > Starting Nmap 7.70 ( https://nmap.org ) at 2020-09-19 19:12 -03 > Nmap scan report for the.server.in.question (198.200.100.50) > Host is up (0.0055s latency). > PORT STATE SERVICE > 22/tcp open ssh > | ssh-hostkey: > | 2048 33:44:55:66:77:88:99:11:22:33:44:55:66:77:aa:bb (RSA) > | 256 cc:99:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee (ECDSA) > Nmap done: 1 IP address (1 host up) scanned in 1.05 seconds > > My notebook (external) shows correct server IP and the 2 accepted > fingerprints. > > > > On Bob's notebook: > > $ nmap -p22 -n --script ssh-hostkey the.server.in.question > Starting Nmap 7.70 ( https://nmap.org ) at 2020-09-19 18:12 -03 > Nmap scan report for the.server.in.question (198.200.100.50) > Host is up (0.0055s latency). > PORT STATE SERVICE > 22/tcp open ssh > | ssh-hostkey: > | 2048 12:34:56:78:9c:cd:dc:cd:de:ef:f0:01:12:13:14:15 (RSA) > | 256 5b:6b:4b:3b:2b:1b:8b:2b:7b:9b:9b:0b:3b:5b:4b:3b (ECDSA) > |_ 256 a1:a2:a3:a4:a5:a6:a7:a8:a9:a0:a1:a2:a3:a4:a5:a6 (ED25519) > Nmap done: 1 IP address (1 host up) scanned in 1.05 seconds > > All wrong. >
Very strange, could be a router in your network that NAT his connection to the wrong server. Have you tried to scan other servers in your network to look for the same fingerprints? I can't see how he can get back answering packets with the right IP but not the right fingerprint if a network device wasn't changing the IP somewhere on the route between him and the server.