This section provides an example of connecting to a remote host via the ssh command. Line numbers have been added here to help explain the actions taken.
1. [user1@localhost ~]$ ssh foo.example.com
2. The authenticity of host 'foo.example.com (10.0.0.1)' can't be established.
3. RSA key fingerprint is eb:63:02:da:88:e5:a6:fc:71:31:15:0b:cd:56:5d:3f.
4. Are you sure you want to continue connecting (yes/no)? yes
5. Warning: Permanently added 'foo.example.com,10.0.0.1' (RSA) to the list of known hosts.
6. user1@foo.example.com's password: *********
7. [user1@foo ~]$
Line 1 shows that the user1 user on the client system is initiating an SSH connection to a server with the ssh command. The server's domain name is foo.example.com, but its IP address (10.0.0.1) could be used instead.
Line 2, 3 and 4 check the key fingerprint of the remote host against local copies, if they exist, in the ~/home/user1/.ssh/known_hosts file. If none exist for this host, as occurs in the above example, the user is then prompted, after displaying the fingerprint, whether or not to add this record in the same known_hosts file by entering yes or no.
Line 5 displays the result, in this case, that the fingerprint has been added to the local file. This mapping will be used in the future when connecting to this host.
Line 6 in this example shows where the password for user1@foo.example.com is entered.
Line 7 shows the prompt of the remote machine after authentication has been successful. At this point, no matter what authentication technique is in use, the user has access to the remote machine, and it can be configured as though it were a local connection. Of course, the limit of what the user has access to on the remote machine is still dependent on regular permissions and controls.
The following can happen and is possibly not good: TBD..
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
eb:62:1a:da:38:f5:e6:ec:10:31:17:0b:cf:56:5d:3f.
Please contact your system administrator.
Add correct host key in /home/user1/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:11
RSA host key for foo.example.com has changed and you have requested strict checking.
Host key verification failed.
