Connect with OpenSSH
How to Connect
If your system has OpenSSH installed, open up a command prompt and type:
$ ssh username@example.com
Replace username and example.com.
When you first connect, OpenSSH will ask if you trust the server's fingerprints:
The authenticity of host 'example.com (10.0.0.1)' can't be established.
ED25519 key fingerprint is SHA256:ofE4jf8n0C+ULqWp4stgCK4+CmFiLl/ysc50azIEkVI.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
To verify the SSH fingerprints, you need to obtain them out-of-band (through some channel other than this SSH connection). IRCNow publishes a list of SSH fingerprints. You can also check the fingerprints using DNS as described below.
WARNING: If the fingerprints do not match, do not connect! You may want to consider alerting your sysadmin; sshd may be configured incorrectly, or even worse, there may be a man-in-the-middle attack.
Check SSH Fingerprints
Servers can put their SSH fingerprints in DNS using SSHFP records:
$ ssh -o "VerifyHostKeyDNS ask" username@example.com
The authenticity of host 'example.com (10.0.0.1)' can't be established.
ED25519 key fingerprint is SHA256:ofE4jf8n0C+ULqWp4stgCK4+CmFiLl/ysc50azIEkVI.
Matching host key fingerprint found in DNS.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Replace username and example.com.
If SSHFP is set correctly, you should see this line:
Matching host key fingerprint found in DNS.
DNSSEC should be enabled for better security; without it, the SSHFP records themselves are not authenticated.
Again, if the host key fingerprint does not match, you probably do not want to connect. You may also need to contact your sysadmin.
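As an added example (not part of the original page), the following Python code shows how the SHA256 fingerprint in the ssh prompt relates to a SHA-256 SSHFP record: both are the SHA-256 digest of the same public key blob, written as unpadded base64 in the prompt and as hex in DNS. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# Subset of the SSHFP key algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}
SHA256_FP_TYPE = 2  # SSHFP fingerprint type 2 = SHA-256 (RFC 6594)

def parse_pubkey(line):
    """Split an OpenSSH public key line into (key type, raw key blob)."""
    keytype, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type; both must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return keytype, blob

def ssh_fingerprint(blob):
    """Fingerprint in the form ssh prints: SHA256:<unpadded base64>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def sshfp_rdata(keytype, blob):
    """RDATA of the SHA-256 SSHFP record: '<algorithm> 2 <hex digest>'."""
    return f"{SSHFP_ALGO[keytype]} {SHA256_FP_TYPE} {hashlib.sha256(blob).hexdigest()}"

def fingerprint_to_hex(fp):
    """Convert the SHA256:... string from the ssh prompt to SSHFP hex."""
    b64 = fp.split(":", 1)[1]
    return base64.b64decode(b64 + "=" * (-len(b64) % 4)).hex()

def prompt_matches_dns(fp, rdata):
    """True if the fingerprint ssh shows equals a type-2 SSHFP record."""
    # DNS tools may print the digest in upper case or split into chunks.
    _algo, fp_type, *hexparts = rdata.split()
    if int(fp_type) != SHA256_FP_TYPE:
        return False
    return fingerprint_to_hex(fp) == "".join(hexparts).lower()

# Constructed sample key (not a real host key): ed25519 framing around 32 dummy bytes.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " constructed@example"

if __name__ == "__main__":
    kt, blob = parse_pubkey(SAMPLE_KEY)
    print(ssh_fingerprint(blob))
    print("example.com. IN SSHFP", sshfp_rdata(kt, blob))
```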