The fingerprints are used to guard against man in the middle attacks. Since ssh logins usually work over the internet (an insecure connection), someone could hijack your connection. When you try to log into yourmachine.com, he could get "in the middle" and return your challenge as if he was yourmachine.com. That way, he could get hold of your login password.To make this attack harder, ssh stores the fingerprint of the server's public key on the first connection attempt. You will see a prompt like:The authenticity of host 'eisen (137.43.366.64)' can't be established.RSA key fingerprint is cf:55:30:31:7f:f0:c4:a0:9a:02:1d:1c:41:cf:63:cf.Are you sure you want to continue connecting (yes/no)When you enter yes, ssh will add the fingerprint to your known_hosts file. you will seeCode:Warning: Permanently added 'eisen, 137.43.366.64' (RSA) to the list of known hosts.The next time you login, ssh will check whether the host key has changed. A changing host key usually indicates a man in the middle attack, and ssh refuses to connect.
The fingerprints are used to guard against man in the middle attacks. Since ssh logins usually work over the internet (an insecure connection), someone could hijack your connection. When you try to log into yourmachine.com, he could get "in the middle" and return your challenge as if he was yourmachine.com. That way, he could get hold of your login password.
To make this attack harder, ssh stores the fingerprint of the server's public key on the first connection attempt. You will see a prompt like:
The authenticity of host 'eisen (137.43.366.64)' can't be established.
RSA key fingerprint is cf:55:30:31:7f:f0:c4:a0:9a:02:1d:1c:41:cf:63:cf.
Are you sure you want to continue connecting (yes/no)
When you enter yes, ssh will add the fingerprint to your known_hosts file. you will see
Code:
Warning: Permanently added 'eisen, 137.43.366.64' (RSA) to the list of known hosts.
The next time you login, ssh will check whether the host key has changed. A changing host key usually indicates a man in the middle attack, and ssh refuses to connect.