Anonymous wrote:
Another problem is that the above man info that you provided does not inform how to check to see if the host key for the server I have been logging into that is stored in register on my local machine is legitimate or a fake. Even though I don't get that warning any more in putty, how can I be sure that it's the correct key?
If it were fake the time you've logged in the first time, it means that you are all the time connecting to fake server (not yours). I guess you would have noticed already :-)
Of course with exception that the attacker if is only proxing your connections every time. I do not know how long you are using Putty from that machine, but I guess it is highly unlikely possible.
Anyway if you want to be 100% sure, check Putty cache at [HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys]
I do not know how the keys are encoded in the registry. If you do not find it out yourself easy way is to remove the particular key and try to connect. Putty will ask you again to confirm the key and show you the fingerprint in format you already know.
Last edited by martin on 2004-11-24; edited 1 time in total