Connect with OpenSSH

How to Connect

If your system has OpenSSH installed, open up a command prompt and type:

$ ssh username@example.com

Replace username and example.com with your username and the server's hostname.

When you first connect, OpenSSH will ask if you trust the server's fingerprints:

The authenticity of host 'example.com (10.0.0.1)' can't be established.
ED25519 key fingerprint is SHA256:ofE4jf8n0C+ULqWp4stgCK4+CmFiLl/ysc50azIEkVI.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? 

To verify the SSH fingerprints, you need an out-of-band channel, that is, some way of obtaining them other than the connection you are trying to verify. IRCNow publishes a list of SSH fingerprints. You can also check the fingerprints using DNS as described below.

WARNING: If the fingerprints do not match, do not connect! You may want to consider alerting your sysadmin; sshd may be configured incorrectly, or even worse, there may be a man-in-the-middle attack.

Check SSH Fingerprints

Servers can put their SSH fingerprints in DNS using SSHFP records:

$ ssh -o "VerifyHostKeyDNS ask" username@example.com
The authenticity of host 'example.com (10.0.0.1)' can't be established.
ED25519 key fingerprint is SHA256:ofE4jf8n0C+ULqWp4stgCK4+CmFiLl/ysc50azIEkVI.
Matching host key fingerprint found in DNS.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Replace username and example.com with your username and the server's hostname.

If SSHFP is set correctly, you should see this line:

Matching host key fingerprint found in DNS.

DNSSEC should be enabled for better security; without it, the SSHFP records themselves can be spoofed.

Again, if the host key fingerprint does not match, you probably do not want to connect. You may also need to contact your sysadmin.
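How the fingerprint shown at the prompt relates to an SSHFP record, as an added example that is not part of the original page: both are the SHA-256 digest of the server's public key blob, printed as unpadded base64 by ssh and as hex in DNS. The sample key is constructed, and the function names are hypothetical.

```python
import base64, hashlib, hmac, struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479); fingerprint type 2 = SHA-256
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}

def _wire(s):
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(s)) + s

# Constructed sample key (32 dummy bytes, not a real server key)
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(
    _wire(b"ssh-ed25519") + _wire(bytes(range(32)))).decode() + " constructed"

def key_blob(pubkey_line):
    """Return (key type, decoded blob) from a 'type base64 [comment]' line."""
    ktype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    if not blob.startswith(_wire(ktype.encode())):
        raise ValueError("key type does not match blob")
    return ktype, blob

def openssh_fingerprint(pubkey_line):
    """The 'SHA256:...' string ssh prints: unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(key_blob(pubkey_line)[1]).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def sshfp_record(host, pubkey_line):
    """The matching DNS record: same digest, hex-encoded."""
    ktype, blob = key_blob(pubkey_line)
    return f"{host} IN SSHFP {SSHFP_ALGO[ktype]} 2 {hashlib.sha256(blob).hexdigest()}"

def sshfp_matches(record, prompt_fp):
    """True if a type-2 SSHFP record carries the digest shown at the prompt."""
    try:
        _algo, fptype, hexdigest = record.split()[-3:]
        prefix, b64 = prompt_fp.split(":", 1)
        shown = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
        published = bytes.fromhex(hexdigest)
    except ValueError:
        return False  # malformed record or fingerprint never counts as a match
    return fptype == "2" and prefix == "SHA256" and hmac.compare_digest(shown, published)

if __name__ == "__main__":
    fp, rec = openssh_fingerprint(SAMPLE_KEY), sshfp_record("example.com", SAMPLE_KEY)
    print(fp, rec, sshfp_matches(rec, fp), sep="\n")
```

On a real server, `ssh-keygen -r example.com` prints the SSHFP records for its host keys.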