![]() |
| |||||||||
|
Host Identification DialogWhen you connect to a remote host computer for the first time using public-key authentication, the host sends your local computer its public key in order to identify itself. To help you to verify the host's identity, the Host Identification dialog displays a fingerprint of the host's public key. The fingerprint is represented using the SSH Babble format, and it consists of a pronounceable series of five lowercase letters separated by dashes. If you have reason to suspect that the public key you have received may be forged, you can for example phone the system administrator of the remote host machine and check if the fingerprint is correct. If your work requires the strictest degree of absolute security and you cannot trust the network that was used to deliver the host key, you can ask the system administrator of the remote host computer to deliver the host's public key to you personally, for example on a diskette. This way the key is never passed over the network and you can be absolutely sure that it has not been forged. When using that host key with an SSH Secure Shell connection, you can be sure that you are connecting to the correct host and that there is no possibility of outside intrusion. However, for ordinary use this procedure can be seen as overkill. The Host Identification dialog asks if you want to store the host key on your local computer. If you connect regularly to the host you will probably want to keep the key. This prevents an attack where someone can steal your connection.
![]()
If you save the host key, you do not have to go through this procedure again the next time you login. The host's public key will still be checked with each connection, but this will be done automatically, without user intervention. The known host keys will be saved in a local database that is specific to each user of the local computer. This way each user will build a personal database of the public keys of known and trusted hosts. [ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]
Copyright © 2001 SSH Communications Security Corp |