Continue connecting to an unknown server and add its host key to a cache?

This message appears when WinSCP connects to a new SSH server. Every server identifies itself by means of a host key; once WinSCP knows the host key for a server, it will be able to detect if a malicious attacker redirects your connection to another machine.


If you see this message, it means that WinSCP has not seen this host key before, and has no way of knowing whether it is correct or not. You should attempt to verify the host key by other means, such as asking the machine’s administrator. 1

If the host key fingerprint is correct, press Accept (Yes in older versions). The host key will be stored in the cache and you will not be prompted the next time. If you are unsure and want to defer host key verification until later, but still need to connect now (taking a risk), select Connect Once in the drop-down menu of the Accept button (the No button in older versions). The host key will not be cached and you will be prompted again the next time. If the fingerprint is not correct, or if you do not know the correct fingerprint, press Cancel to abort the connection.

If you have the correct host key (or its fingerprint) in digital form, instead of checking the fingerprint manually, you can select Paste Key in the drop-down menu of the Accept (Yes) button to have WinSCP compare the fingerprint for you against a fingerprint or a full key stored in the clipboard. The clipboard can contain an SHA-256 or MD5 fingerprint, or a full key in .pub format.

Use the Copy key fingerprints to clipboard link to copy the key fingerprints to the clipboard (both in the SHA-256 format seen in the message and additionally in MD5 format).
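The following added example (not WinSCP's own code) shows how a trusted value in any of the three forms named above, an SHA-256 fingerprint, an MD5 fingerprint, or a full .pub key, can be compared against the key a server presents. It assumes the OpenSSH text conventions (`SHA256:` plus unpadded base64, colon-separated hex for MD5); the function names and the sample ed25519 keys are constructed for illustration.

```python
import base64
import hashlib
import re
import struct

def parse_pub_line(line):
    """Decode an OpenSSH .pub line ('<type> <base64> [comment]') to (type, blob)."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; it must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode():
        raise ValueError("key type does not match key blob")
    return parts[0], blob

def sha256_fingerprint(blob):
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def md5_fingerprint(blob):
    hexed = hashlib.md5(blob).hexdigest()  # legacy format, kept for old records
    return ":".join(hexed[i:i + 2] for i in range(0, 32, 2))

def matches_trusted(presented_blob, trusted):
    """True if the presented key equals the trusted fingerprint or full key."""
    trusted = trusted.strip()
    if trusted.startswith("SHA256:"):
        return trusted.rstrip("=") == sha256_fingerprint(presented_blob)
    md5 = trusted[4:] if trusted.upper().startswith("MD5:") else trusted
    if re.fullmatch(r"(?:[0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2}", md5):
        return md5.lower() == md5_fingerprint(presented_blob)
    try:
        return parse_pub_line(trusted)[1] == presented_blob
    except ValueError:
        return False  # unrecognised input never counts as a match

def make_ed25519_pub(raw32, comment="constructed@example"):
    """Build a .pub line from 32 raw bytes (constructed sample, not a real host)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

SERVER_PUB = make_ed25519_pub(bytes(range(32)))     # key the administrator gave you
OTHER_PUB = make_ed25519_pub(bytes(range(1, 33)))   # key of some other machine
```

Anything that is not a recognised fingerprint or a well-formed key is treated as a mismatch, so a truncated paste cannot be mistaken for a successful verification.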

Read more about verifying host keys.

Learn also how to accept the host key automatically in a script.

  1. The text is a copy of the PuTTY User Manual or was inspired by it.

Last modified: by martin