Subject: Re: ssh: no man page on my system ...
To: None <netbsd-users@NetBSD.org>
From: Michael Parson <mparson@bl.org>
List: netbsd-users
Date: 01/30/2006 16:38:33

On Mon, Jan 30, 2006 at 09:44:52PM +0100, Marc Coevoet wrote:
> but it is here ...
> 
> http://www.hmug.org/man/1/ssh.php
> 
> but do you think I can get in ?? no ...
> 
> wrong passwd, of course there is the keyboard, but I do know all the 
> right keys ...
> 
> 
> And I do not want to type 'yes' at this prompt, a hacker can do that 
> too, with "expect" ....
> 
> localhost:/Users/marc root# ssh 192.168.1.3
> The authenticity of host '192.168.1.3 (192.168.1.3)' can't be 
> established.
> RSA key fingerprint is 5a:f3:2c:08:e2:f6:e4:7e:df:74:32:eb:98:86:ff:a7.
> Are you sure you want to continue connecting (yes/no)? y
> Please type 'yes' or 'no': yes
> Warning: Permanently added '192.168.1.3' (RSA) to the list of known 
> hosts.
> Password:
> Password:
> Password:

By default, you cannot ssh into a machine as root.  Create a non-root
user and add this user to the wheel group so it can use 'su' to get
root, or use sudo.

The first time you ssh into a machine, it will prompt you as it did
since that is not a 'known' host.  If you were sshing to a new host and
were paranoid, you could contact the sysadmin of the remote system and
have them verify the RSA fingerprint before you typed 'yes'.

If, in the future, you ssh to the same host, and the key has changed,
you would then want to verify with the sysadmin that the key-change was
known, else the remote-host might have been compromised, or someone is
performing some sort of 'man-in-the-middle' attack.

-- 
Michael Parson
mparson@bl.org
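
The fingerprint check described in the reply above, as an added example that is not part of the original message: it computes the colon-separated MD5 fingerprint shown in the ssh prompt from a known_hosts-style line and classifies an offered host key as matching, changed, or new. The function names are hypothetical and the two sample keys are constructed filler, not real host keys.

```python
import base64, hashlib, hmac, struct

def _ssh_string(data):
    # SSH wire format: 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def _mpint(n):
    # Positive multi-precision integer; the extra byte keeps the sign bit clear
    return _ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def make_sample_line(host, seed):
    """Constructed ssh-rsa known_hosts line; the modulus is filler, not a real key."""
    n = int.from_bytes(hashlib.sha256(seed).digest() * 8, "big") | (1 << 2047) | 1
    blob = _ssh_string(b"ssh-rsa") + _mpint(65537) + _mpint(n)
    return "%s ssh-rsa %s" % (host, base64.b64encode(blob).decode())

def md5_fingerprint(line):
    """Colon-separated MD5 of the key blob, the format shown in the ssh prompt."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen] != keytype.encode():
        raise ValueError("key type in blob does not match declared type")
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def check_host(offered_line, known_hosts, trusted_fp=None):
    """Return 'match', 'changed', 'verified-new' or 'unverified-new'."""
    host = offered_line.split()[0]
    offered = md5_fingerprint(offered_line)
    for line in known_hosts:
        if line.split()[0] == host:
            same = hmac.compare_digest(md5_fingerprint(line), offered)
            return "match" if same else "changed"   # 'changed': ask the sysadmin
    # Unknown host: trust only if it equals a fingerprint obtained out of band
    if trusted_fp and hmac.compare_digest(trusted_fp.lower(), offered):
        return "verified-new"
    return "unverified-new"

HOST = "192.168.1.3"
FIRST = make_sample_line(HOST, b"constructed key A")   # key seen on first connect
OTHER = make_sample_line(HOST, b"constructed key B")   # different key, same host

if __name__ == "__main__":
    print(md5_fingerprint(FIRST))
    print(check_host(FIRST, [], md5_fingerprint(FIRST)))
    print(check_host(FIRST, [FIRST]))
    print(check_host(OTHER, [FIRST]))
```

Current OpenSSH releases print SHA256 fingerprints by default; `ssh-keygen -l -E md5 -f <keyfile>` prints the MD5 form used here.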