Connect with OpenSSH

How to Connect

$ ssh username@example.com

Replace username and example.com.

When you first connect, OpenSSH will ask if you trust the server's fingerprints:

The authenticity of host 'example.com (10.0.0.1)' can't be established.
ED25519 key fingerprint is SHA256:ofE4jf8n0C+ULqWp4stgCK4+CmFiLl/ysc50azIEkVI.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Make sure to first connect using another method to record the ssh fingerprints. Or, if you are connecting to IRCNow's servers, check the list of published fingerprints.

WARNING: If the fingerprints do not match, do not connect! Make sure to alert your sysadmin; sshd may be configured incorrectly, or even worse, there may be a Man-In-The-Middle Attack ?.

Check SSH Fingerprints

Servers can put their SSH fingerprints in DNS using SSHFP records:

$ ssh -o "VerifyHostKeyDNS ask" username@example.com
The authenticity of host 'example.com (10.0.0.1)' can't be established.
ED25519 key fingerprint is SHA256:ofE4jf8n0C+ULqWp4stgCK4+CmFiLl/ysc50azIEkVI.
Matching host key fingerprint found in DNS.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Replace username and example.com.

If SSHFP is set correctly, you should see this line:

Matching host key fingerprint found in DNS.

DNSSEC should be enabled for better security.

If the host key fingerprint does not match, you might want to reconsider connecting.