Simon Butcher

Secure shell (SSH) is the workhorse of a UNIX system administrator. Due to its ability to secure connections, protect login details, provide authenticity and even tunnel traffic, SSH replaced telnet in the real world many years ago. Authenticity is not guaranteed, and for administrators working with a large farm of servers it's important to ensure you're talking to the server you really wanted, and not something that's moved into its place.

SSH employs a private/public asymmetric keying system, keeping a private key closely guarded and using the public key to not only secure the connection but help prove that you're talking to the right server. Most SSH clients will allow you to remember the public key for a server after your first connection; ensuring subsequent connections are to the same server by revalidating a hash of this key, known as a “fingerprint”. To help validate the fingerprint on your first connection, you can store a fingerprint of the SSH server's public key in DNS for additional verification.