Page 1 of 1

Server's Host Key is Unknown Error

Posted: 2013-07-03 14:34
by gtilflm
Hi. My webhost is HostGator and they recently switched all shared server customers to new hardware and changed a few other things along the way including my ip address. Now, when I connect via SFTP using FZ, I get a "Server's Host Key is Unknown Error" (see the attached image).

After asking HostGator about this, a self-described Linux System Administrator said: "It looks like you are using SFTP to connect to your server. By design whenever you use SFTP or SSH to login to a server for the first time you are presented with the warning you received asking you to accept the server's SSH key. This is perfectly normal behavior, and you can safely accept the warning."

This doesn't feel right. Is this really "perfectly normal behavior"?

Thanks!

Re: Server's Host Key is Unknown Error

Posted: 2013-07-03 18:45
by botg
It's normal behavior and part of the TOFU (Trust on first use) security model as employed by SSH. See e.g. http://en.wikipedia.org/wiki/User:Dotdo ... _First_Use

Note that you must not blindly accept it. You must check with the server administrator that the presented host-key is actually the host key used by the server, and not some other host-key used by a man-in-the-middle attacker intercepting your connection.

Re: Server's Host Key is Unknown Error

Posted: 2013-07-04 17:24
by boco
Note that FileZilla uses the TOFU concept for FTPS, too.

Posted: 2016-09-10 00:08
by zylstra
How do I view the server's host key in WHM or cPanel?