Differences
This shows you the differences between the selected revisions of the page.
| 2017-12-22 | 2017-12-22 | ||
| actual primary error message in latest versions (martin) | completing documentation of the message box (martin) | ||
| Line 8: | Line 8: | ||
| This error message occurs when WinSCP connects to a new [[SSH]] server. Every server identifies itself by means of a host key; once WinSCP knows the host key for a server, it will be able to detect if a malicious attacker redirects your connection to another machine. | This error message occurs when WinSCP connects to a new [[SSH]] server. Every server identifies itself by means of a host key; once WinSCP knows the host key for a server, it will be able to detect if a malicious attacker redirects your connection to another machine. | ||
| + | &screenshotpict(message_host_key) | ||
| + | If you see this message, it means that WinSCP has not seen this host key before, and has no way of knowing whether it is correct or not. You should attempt to verify the host key by other means, such as asking the machine's administrator. ((&puttydoccite)) | ||
| + | Both SHA-256 (&beta_feature) and MD5 fingerprints of the host key are shown. As both fingerprints are for the same key, it is enough to check only one of them. Checking %%SHA-256%% fingerprint is safer though. | ||
| - | If you see this message, it means that WinSCP has not seen this host key before, and has no way of knowing whether it is correct or not. You should attempt to verify the host key by other means, such as asking the machine's administrator. ((&puttydoccite)) | + | If the [[faq_hostkey|host key fingerprint is correct]], press //Yes//. The host key will be stored to cache and you will not be prompted the next time. If you are unsure, want to defer a host key verification until later, but still need to connect now (taking a risk), press //No//. The host key will not be cached and you will be prompted again the next time. If the fingerprint is not correct or if you do not know the correct fingerprint, press //Cancel// to abort connection. |
| - | Read more about [[ssh_verifying_the_host_key|verifying host keys]]. | + | If you have the correct host key (or its fingerprint) in a digital form, instead of checking the fingerprint manually, you can use //Paste Key// button (in drop down menu of //Yes// button) to have WinSCP compare the fingerprint for you, against a fingerprint or a full key stored in the clipboard. The clipboard can contain an %%SHA-256%% or %%MD5%% fingerprint or a full key in ''.pub'' format. &beta_feature |
| + | Use //Copy key fingerprints to clipboard// link (//in the latest beta version//) &beta or //Copy Key// button (in the current stable release and in scripting) to copy the fingerprints to clipboard. | ||
| + | |||
| + | |||
| + | Read more about [[ssh_verifying_the_host_key|verifying host keys]]. | ||
| Learn also how to [[scripting#hostkey|accept host key automatically in script]]. | Learn also how to [[scripting#hostkey|accept host key automatically in script]]. | ||