When logging in using SSH access (to a remotely
hosted account), I received a prompt to accept
a server's key fingerprint. Wrote that string
of code down for comparision.
Already emailed my host for their listing of the
string of code for the server's key fingerprint
(for comparison, verification and security).
Tech rep responds:
'just click Accept';
later, 'don't know why you want to know'.
I've tried the addresses of
https:// ip number :2083/
https:// ip number :2096/
https:// ip number /~username/
but the certificate shows no code string
within any of the listings like the SSH
access prompt's code string.
I may simply be looking in the wrong places.
Where can we find the listing of the server
key fingerprint please?
I think most people are not following what you need.
When you log into the remote server you are accepting the servers host key. This is done the first time you go there. The next time you go there, ssh will check to make sure the host key you accepted the first time is still the same host key. If it's not you will get a man-in-the-middle error. This says, "Hey, your host key doesn't match what I have for a host key. Either I somehow have a new host key or someone is trying to become the target server." If you trust the server, you accept the new host key which is stored locally for you. Once this has taken place you should be prompted to enter your passphrase.
Host keys are used to identify servers. Why? Cause someone could be performing a DOS attack against the real server. There could be IP spoofing of some sort going on. This helps prevent that.