Host key checking

In host key checking, ssh automatically maintains and checks a database containing identification for all hosts it has ever been used with. Host keys are stored in ~/.ssh/known_hosts in the user's home directory. Additionally, the /etc/ssh/ssh_known_hosts file is automatically checked for known hosts. Any new hosts can be automatically added to the user's file. If a host's identification changes, ssh warns about this and disables password authentication to prevent server spoofing or man-in-the-middle attacks, which could otherwise be used to circumvent the encryption. The ssh_config keyword StrictHostKeyChecking can be used to control logins to machines whose host key is not known or has changed. The keyword is described in StrictHostKeyChecking.

Because of the difficulty of comparing host keys just by looking at hex strings, there is also support to compare host keys visually, using random art. By setting the VisualHostKey option to "yes", a small ASCII graphic gets displayed on every login to a server, no matter if the session itself is interactive or not. By learning the pattern a known server produces, a user can easily find out that the host key has changed when a completely different pattern is displayed. Because these patterns are not unambiguous however, a pattern that looks similar to the pattern remembered only gives a good probability that the host key is the same, not guaranteed proof.

To get a listing of the fingerprints along with their random art for all known hosts, the following command line can be used:

$ ssh-keygen -lv -f ~/.ssh/known_hosts

If the fingerprint is unknown, an alternative method of verification is available: SSH fingerprints verified by DNS. An additional resource record (RR), SSHFP, is added to a zonefile and the connecting client is able to match the fingerprint with that of the key presented. SSHFP DNS records are not currently supported by z/OS UNIX.

Guideline: Before connecting to a server for the first time, it is recommended to gather host keys of the target server and add them to the local user's known hosts file ~/.ssh/known_hosts. If the preparation is not done, when connecting to the server, the ssh client might ask whether to continue connecting and will display the fingerprint of the host key. Before making the decision, verify the displayed host key fingerprint carefully to prevent server spoofing or man-in-the-middle attacks. The command ssh-keyscan could gather the public host keys for the target server and the command ssh-keygen -l could show the fingerprint of the specified public key file. See ssh-keyscan - Gather ssh public keys and ssh-keygen - Authentication key generation, management, and conversion for more information. After the user has confirmed the connection, ssh will add the new host key to the user known host files automatically. Additional host keys can also be added by enabling the option UpdateHostKeys defined in the configuration file ssh_config. For security reasons, it is recommended to set the option HostKeyAlgorithms explicitly (without '+' or '-'). This is defined in the configuration file ssh_config and should be set according to the type of host keys stored in ~/.ssh/known_hosts and /etc/ssh/ssh_known_hosts. Using the default list of HostKeyAlgorithms could help attackers identify users connecting to a server for the first time without false positives. For more information about options UpdateHostKeys and HostKeyAlgorithms, see UpdateHostKeys and HostKeyAlgorithms in File format.