Much like how the
authorized_keys file is used to authenticate clients on the server, there is another file in the
~/.ssh folder called
known_hosts, which is used to authenticate servers to the client.
Whenever SSH is configured on a new server it always generates a public and private key pair for the server, just like you did for your user in the previous section. Every time you connect to any SSH server, it shows you its public key first, together with a proof that it possesses the corresponding private key. If you do not have its public key yet, then your computer will ask for it and add it into the
This way, the client can check that the server is a known one, and not some rogue server trying to pass off as the right one.
That’s why when you connect to a server for the first time, you might get a message like this: