SSH Communications Security
Index
SSH Home page
Previous Next Up [Contents] [Index]

    Introduction >>
    Configuration >>
    Connecting >>
        Quick Connect
        Profiles >>
        Key Generation >>
        Connecting to a Remote Host Computer>>
            Host Identification Dialog
            Connect to Remote Host Dialog
        Uploading Your Public Key >>
        Using Public-Key Authentication
        Command Line Options
    Terminal Window >>
    File Transfer >>
    Toolbar Reference >>
    Menu Reference >>
    Advanced Information >>
    Troubleshooting >>
    Appendices >>

Host Identification Dialog

When you connect to a remote host computer for the first time using public-key authentication, the host sends your local computer its public key in order to identify itself.

To help you to verify the host's identity, the Host Identification dialog displays a fingerprint of the host's public key. The fingerprint is represented using the SSH Babble format, and it consists of a pronounceable series of five lowercase letters separated by dashes. If you have reason to suspect that the public key you have received may be forged, you can for example phone the system administrator of the remote host machine and check if the fingerprint is correct.

If your work requires the strictest degree of absolute security and you cannot trust the network that was used to deliver the host key, you can ask the system administrator of the remote host computer to deliver the host's public key to you personally, for example on a diskette. This way the key is never passed over the network and you can be absolutely sure that it has not been forged. When using that host key with an SSH Secure Shell connection, you can be sure that you are connecting to the correct host and that there is no possibility of outside intrusion. However, for ordinary use this procedure can be seen as overkill.

The Host Identification dialog asks if you want to store the host key on your local computer. If you connect regularly to the host you will probably want to keep the key. This prevents an attack where someone can steal your connection.


hostidentification-dialog-42.gif
Figure : The Host Identification dialog.

  • Yes

    You can save the host key to the local database by clicking Yes.

  • No

    You can continue without saving the host key by clicking No. If you choose not to save the host key locally, you will be asked to the make this selection again next time you connect to this host.

  • Cancel

    You can also cancel the connection by clicking on the Cancel button. This causes an authentication failure, and the connection will be canceled.

  • Help

    Click the Help button to view the online help.

If you save the host key, you do not have to go through this procedure again the next time you login. The host's public key will still be checked with each connection, but this will be done automatically, without user intervention.

The known host keys will be saved in a local database that is specific to each user of the local computer. This way each user will build a personal database of the public keys of known and trusted hosts.

Previous Next Up [Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2001 SSH Communications Security Corp
All rights reserved.
Copyright Notice