UNIX for Dummies Questions & Answers

I was wondering why does ssh store the fingerprints of remote host when connecting for the first time?

I will appreciate a detailed response, can't figure it out.

Welcome ChiefGandalf,

When you use an SSH connection for the first time, you have to consider where you are connecting to. The remote server send you a fingerprint that (if you wish) you can confirm before proceeding. Having accepted this fingerprint, connections are then silent, however if someone managed to intercept and assume the identity of the servers IP address, then the fingerprint will not match and you will be alerted. A scheduled attempt to ssh, sftp, scp etc. will fail and assuming that you have correct error checking in your code, then you can choose to be alerted.

As humans, we recognise people by faces & voices and will happily converse with people we recognise. If you go to a criminal forensics level, then fingerprints can be used to ascertain identity.

It comes down to recording who you trust and will therefore be happy to share with in future. This is most important when reaching out through the public internet to a remove service offered by another company. If you wish to do business with them (perhaps bank transaction instructions) then you want to be certain that you are dealing with the right server. You should always confirm with the owner of the remote server that you have the correct fingerprint.

Don't do this be accepting they key and sending them the key though the same connection. Perhaps ask them to send it to you in some other way or read it out phonetically over the phone. Make sure it is someone you trust and that you make the call rather than accept an untraceable incoming call.



Robin

A fingerprint is a hash of a remote site's public key which is stored locally on your computer and used to automatically authenticate that site's public key the next time you access that site.