Differences
This shows you the differences between the selected revisions of the page.
| 2023-10-10 | 2023-10-10 | ||
| certificates are beta (martin) | better configuration link (martin) | ||
| Line 37: | Line 37: | ||
| ==== [[certified]] Certified Host key ==== | ==== [[certified]] Certified Host key ==== | ||
| - | If you've configured WinSCP to trust at least one [[ui_ssh_host_ca|certification authority for signing host keys]], then it will ask the SSH server to send it any available certified host keys. If the server sends back a certified key signed by a different certification authority, WinSCP will present this variant of the host key prompt. | + | If you've configured WinSCP to trust at least one [[ui_pref_security#authorities|certification authority for signing host keys]], then it will ask the SSH server to send it any available certified host keys. If the server sends back a certified key signed by a different certification authority, WinSCP will present this variant of the host key prompt. |
| One reason why this can happen is a deliberate attack. Just like an ordinary man-in-the-middle attack which substitutes a wrong host key, a particularly ambitious attacker might substitute an entire wrong certification authority, and hope that you connect anyway. | One reason why this can happen is a deliberate attack. Just like an ordinary man-in-the-middle attack which substitutes a wrong host key, a particularly ambitious attacker might substitute an entire wrong certification authority, and hope that you connect anyway. | ||