8

when connecting to a git repository using SSH for the first time, it is asked to confirm the authenticity of the host according to its fingerprint:

The authenticity of host 'github.com (192.30.255.112)' can't be established.
RSA key fingerprint is SHA256:....
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

And there we have 3 choices : "yes", "no" and "[fingerprint]". I understand well the "yes" and "no" response:

yes = I've checked the fingerprint of the host and it is OK, please connect me.

no = The fingerprint of the host is different, please don't connect me.

But I didn't found any documentation about the third option. In every documentation I checked like this one from Microsoft or this one from Heroku there are only two options : "yes" or "no".

Why do I have a third option "[fingerprint]" and what is its purpose ?

bN_
  • 772
  • 14
  • 20
  • 1
    I'm not positive, but I think you can copy and paste the fingerprint itself at the prompt, which will ask `ssh` to compare the two fingerprints for you. (This requires you to *get* the fingerprint first; don't just copy the fingerprint that the host itself is reporting.) – chepner Oct 22 '21 at 11:52

1 Answers1

9

each ssh server have host ssh keys, which are used for

  1. auth host and later check that you are connecting to the same host
  2. to establish secure connection (exchange credentials in secure way)

So first time you are connecting to any ssh server, you will get public key and fingerprint of this key, and proposition to store fingerprint in "known hosts" file.

fingerprint is a new option just in addition to "yes", so you can provide fingerprint manually if you have received it in other way. https://github.com/openssh/openssh-portable/commit/05b9a466700b44d49492edc2aa415fc2e8913dfe

seems manpages is not updated yet.

Saboteur
  • 1,331
  • 5
  • 12