In the earlier post, we talked about basic ssh setup and use. We briefly mentioned that ssh is securely encrypted. We encountered a cryptic prompt (pun intended) when connecting to the machine for the first time:

The authenticity of host ' (IP address)' can't be established.
ECDSA key fingerprint is SHA256:abcdefghhijklmonpqrstuvwxyz.
Are you sure you want to continue connecting (yes/no)?

At that point we just wanted to connect and ignored this prompt. However, this is a crucial part of the ssh infrastructure, and understanding it will help you use ssh securely and to its full potential.

To encrypt traffic, ssh uses a two-part encryption key to encode the data transmitted. Data encrypted with one key can be decrypted with the other and vice versa. The first part of the key is private and kept securely on the ssh host (the remote computer you want to log in to), and the second part is public and shared with the users who want to connect. This way data can be kept secure between the client and the host. When you connect for the first time, the remote host will send its public key to your computer.
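The fingerprint in the first-connection prompt is derived from the public key the host sends. As an added example (not code from the original post), this Python code computes that SHA256 fingerprint from a public key line and compares it with a fingerprint obtained from the host's administrator out of band; the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field of the SSH wire format."""
    return struct.pack(">I", len(data)) + data


def fingerprint(pubkey_line: str) -> str:
    """Return the SHA256 fingerprint of a '<type> <base64 blob> [comment]' line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key type> <base64 blob> [comment]'")
    key_type, blob_b64 = fields[0], fields[1]
    blob = base64.b64decode(blob_b64, validate=True)
    # The blob begins with the key type as a length-prefixed string; a
    # mismatch means the line is malformed or was altered.
    if not blob.startswith(_ssh_string(key_type.encode())):
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # ssh prints the digest as base64 without the trailing '=' padding.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(pubkey_line: str, trusted_fingerprint: str) -> bool:
    """Check the key a host presented against a fingerprint received out of band."""
    return fingerprint(pubkey_line) == trusted_fingerprint.strip()


def constructed_ecdsa_key(fill: int) -> str:
    """Build a sample ECDSA public key line from filler bytes (not a real key)."""
    point = b"\x04" + bytes([fill]) * 64
    blob = (_ssh_string(b"ecdsa-sha2-nistp256") + _ssh_string(b"nistp256")
            + _ssh_string(point))
    return "ecdsa-sha2-nistp256 " + base64.b64encode(blob).decode() + " sample"


if __name__ == "__main__":
    expected_host = constructed_ecdsa_key(0x11)  # key the administrator published
    other_host = constructed_ecdsa_key(0x22)     # key a different host presents
    trusted = fingerprint(expected_host)         # value received out of band
    print(trusted)
    print(host_key_matches(expected_host, trusted))
    print(host_key_matches(other_host, trusted))
```

Answer yes at the prompt only when the fingerprint ssh displays is identical to the one you were given through a separate trusted channel.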
SSH Keys, Part 1: Host Verification (this post).