Skip to main content
Rosie.run Docs

Host Key Verification in Rosie SSH

Understand Rosie SSH host key prompts, changed-key warnings, fingerprints, and trusted host management.

Why Rosie SSH asks about host keys

Rosie SSH uses trust on first use host key verification. The first time you connect to a server, the app shows the server’s SSH host key fingerprint and asks whether to trust it.

Trusting a host key tells Rosie SSH that future connections to the same host and port should present the same key.

How to verify a fingerprint

When possible, compare the fingerprint in Rosie SSH with a trusted source:

  • Server control panel or provider dashboard.
  • A known-good desktop SSH client.
  • A secure message from the server administrator.
  • Direct access to the server.

On many OpenSSH servers, an administrator can check host key fingerprints with:

ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub

Rosie SSH displays SHA256 fingerprints in the standard OpenSSH-style format.

First connection prompt

If the fingerprint matches what you expect, trust it and continue. If you do not recognize the server or cannot verify the fingerprint, reject the prompt and check the host details before trying again.

Host key trust is stored locally on your device.

Changed host key warning

A changed host key can be legitimate after a server rebuild, migration, or key rotation. It can also indicate a man-in-the-middle attack.

Before trusting a changed key:

  • Confirm the hostname and port are correct.
  • Ask the server administrator whether the key changed.
  • Compare the new fingerprint with a trusted source.

If you are unsure, reject the prompt.

Remove a trusted host key

To make Rosie SSH ask again on the next connection:

  1. Open Settings.
  2. Find Trusted Host Keys.
  3. Swipe the saved host key.
  4. Tap Remove.

Removing a trusted key does not delete the saved host, password, private keys, or files on the server.

Settings

Dark Mode