What is the purpose of the "[fingerprint]" option during SSH host authenticity check?
when connecting to a git repository using SSH for the first time, it is asked to confirm the authenticity of the host according to its fingerprint:
The authenticity of host 'github.com (188.8.131.52)' can't be established. RSA key fingerprint is SHA256:.... Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
And there we have 3 choices : "yes", "no" and "[fingerprint]". I understand well the "yes" and "no" response:
yes = I’ve checked the fingerprint of the host and it is OK, please connect me.
no = The fingerprint of the host is different, please don’t connect me.
Why do I have a third option "[fingerprint]" and what is its purpose ?
each ssh server have host ssh keys, which are used for
- auth host and later check that you are connecting to the same host
- to establish secure connection (exchange credentials in secure way)
So first time you are connecting to any ssh server, you will get public key and fingerprint of this key, and proposition to store fingerprint in "known hosts" file.
fingerprint is a new option just in addition to "yes", so you can provide fingerprint manually if you have received it in other way.
seems manpages is not updated yet.
Answered By – Saboteur