The SSH server (and clients) also use another key file: ssh_known_hosts
This file contains public keys from other hosts.
This file must contain the host keys of all trusted clients.
The first time you use SSH to connect to a host, you are asked whether you want to accept the host's public key.
[root@Hamming etc]# ssh mlevan@12.222.236.168
The authenticity of host '12.222.236.168 (12.222.236.168)' can't be established.
RSA key fingerprint is f8:48:3f:ac:46:90:f3:38:31:65:f4:4a:eb:81:00:c9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '12.222.236.168' (RSA) to the list of known hosts.
If that key changes, you will receive a warning:
dhcp-129-64-76-193:~ zshaw$ ssh harpo.unet.brandeis.edu
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
f2:92:1d:da:81:2a:d7:16:0a:48:f0:43:20:1c:f4:b5.
Please contact your system administrator.
Add correct host key in /Users/zshaw/.ssh/known_hosts to get rid of this message.
Offending key in /Users/zshaw/.ssh/known_hosts:5
Password authentication is disabled to avoid man-in-the-middle attacks.
X11 forwarding is disabled to avoid man-in-the-middle attacks.
Permission denied (publickey,password,keyboard-interactive).
If you get this message, contact the system administrator of the system you are trying to connect to and determine if the key has been changed. If it has, then it is safe to remove this key and get the new key. If not, then someone might be trying to deceive you.
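
One way to carry out that check, as an added example that is not part of the original page: compute the fingerprint of a known_hosts entry and compare it with the fingerprint the administrator gave you over a separate channel. The sample entry, its host names and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    # SSH wire format: 4-byte big-endian length, then the bytes (RFC 4251).
    return struct.pack(">I", len(data)) + data

# Constructed sample entry (not a real host key): key type, exponent, modulus.
_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
         + _ssh_string(b"\x00" + b"\xc3" * 128))
SAMPLE_LINE = "host.example.org,192.0.2.10 ssh-rsa " + base64.b64encode(_BLOB).decode()

def parse_entry(line: str):
    """Return (host_patterns, key_type, key_blob) for a known_hosts line, or None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None                      # blank line or comment
    if fields[0].startswith("@"):        # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("malformed known_hosts line")
    blob = base64.b64decode(fields[2], validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[1].encode():
        raise ValueError("key type field does not match key blob")
    return fields[0].split(","), fields[1], blob

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated hex form, as printed in the sessions above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def sha256_fingerprint(blob: bytes) -> str:
    """SHA256 form printed by current OpenSSH releases."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matches_trusted(line: str, trusted_fp: str) -> bool:
    """True if the entry's key has the fingerprint the administrator supplied."""
    entry = parse_entry(line)
    if entry is None:
        return False
    trusted_fp = trusted_fp.strip()
    if trusted_fp.startswith("SHA256:"):
        actual = sha256_fingerprint(entry[2])
    else:
        actual, trusted_fp = md5_fingerprint(entry[2]), trusted_fp.lower()
    return actual == trusted_fp
```

Only replace the stored entry once matches_trusted() returns True for the new key line and the administrator's fingerprint.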