User jack logs in to host solaris and then attempts to log in to host oracle using ssh. He receives the following
error message:
The authenticity of host oracle (192.168.1.22) can’t be established. RSA key fingerprint is
3B:23:a5:6d:ad:a5:76:83:9c:c3:c4:55:a5:18:98:a6
Are you sure you want to continue connecting (yes/no)?
Which two are true?
A.
The public host key supplied by solaria is not known to the host oracle.
B.
The error would not occur if the RSA key fingerprint shown in the error message was added to the /etc/ssh/
known_hosts file on solaris.
C.
The private host key supplied by oracle is not known to solaris.
D.
If jack answers yes, the RSA public key for the host oracle will be added to the known_hosts file for the user
jack.
E.
The public host key supplied by oracle is not known to the host solaris.
Explanation:
The fingerprints are used to guard against man in the middle attacks. Since ssh logins usually work over the
internet (an insecure connection), someone could hijack your connection. When you try to log into
yourmachine.com, he could get “in the middle” and return your challenge as if he was yourmachine.com. That
way, he could get hold of your login password.
To make this attack harder, ssh stores the fingerprint of the server’s public key on the first connection attempt.
You will see a prompt like:
The authenticity of host ‘eisen (137.43.366.64)’ can’t be established.
RSA key fingerprint is cf:55:30:31:7f:f0:c4:a0:9a:02:1d:1c:41:cf:63:cf.
Are you sure you want to continue connecting (yes/no)
When you enter yes, ssh will add the fingerprint to your known_hosts file. you will see
Code:
Warning: Permanently added ‘eisen, 137.43.366.64’ (RSA) to the list of known hosts.
The next time you login, ssh will check whether the host key has changed. A changing host key usually
indicates a man in the middle attack, and ssh refuses to connect.