We have all done it. When SSH asks us this familiar question:
$ ssh redpilllinpro01.ring.nlnog.net The authenticity of host 'redpilllinpro01.ring.nlnog.net (2a02:c0:200:104::1)' can't be established. ECDSA key fingerprint is SHA256:IM/o2Qakw4q7vo9dBMLKuKAMioA7UeJSoVhfc5CYsCs. Are you sure you want to continue connecting (yes/no/[fingerprint])?
…we just answer
yes - without bothering to verify the fingerprint shown.
Many of us will even automate answering
yes to this question by adding
StrictHostKeyChecking accept-new to our
~/.ssh/config ... [continue reading]