We have all done it. When SSH asks us this familiar question:
$ ssh redpilllinpro01.ring.nlnog.net The authenticity of host 'redpilllinpro01.ring.nlnog.net (2a02:c0:200:104::1)' can't be established. ECDSA key fingerprint is SHA256:IM/o2Qakw4q7vo9dBMLKuKAMioA7UeJSoVhfc5CYsCs. Are you sure you want to continue connecting (yes/no/[fingerprint])?
…we just answer yes
- without bothering to verify the fingerprint shown.
Many of us will even automate answering yes
to this question by adding StrictHostKeyChecking accept-new
to ... [continue reading]