Home > Enterprise >  What is the purpose of the "[fingerprint]" option during SSH host authenticity check?
What is the purpose of the "[fingerprint]" option during SSH host authenticity check?

Time:10-25

when connecting to a git repository using SSH for the first time, it is asked to confirm the authenticity of the host according to its fingerprint:

The authenticity of host 'github.com (192.30.255.112)' can't be established.
RSA key fingerprint is SHA256:....
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

And there we have 3 choices : "yes", "no" and "[fingerprint]". I understand well the "yes" and "no" response:

yes = I've checked the fingerprint of the host and it is OK, please connect me.

no = The fingerprint of the host is different, please don't connect me.

But I didn't found any documentation about the third option. In every documentation I checked like this one from Microsoft or this one from Heroku there are only two options : "yes" or "no".

Why do I have a third option "[fingerprint]" and what is its purpose ?

CodePudding user response:

each ssh server have host ssh keys, which are used for

  1. auth host and later check that you are connecting to the same host
  2. to establish secure connection (exchange credentials in secure way)

So first time you are connecting to any ssh server, you will get public key and fingerprint of this key, and proposition to store fingerprint in "known hosts" file.

fingerprint is a new option just in addition to "yes", so you can provide fingerprint manually if you have received it in other way. https://github.com/openssh/openssh-portable/commit/05b9a466700b44d49492edc2aa415fc2e8913dfe

seems manpages is not updated yet.

  • Related