Known Hosts Settings¶
Manage SSH host keys for servers you connect to. StormTunnel records each server's unique host key to verify server identity on future connections.
Overview¶
| Feature | Description |
|---|---|
| View servers | See all SSH servers you've connected to |
| Verify keys | Check host key fingerprints for security |
| Add manually | Pre-load keys before connecting |
| Remove keys | Delete outdated or untrusted entries |
Understanding Host Keys¶
When you connect to an SSH server, it presents a unique cryptographic key. StormTunnel stores this key and verifies it on future connections to prevent man-in-the-middle attacks.
Key Types¶
| Type | Security | Notes |
|---|---|---|
| ED25519 | Excellent | Modern, recommended |
| ECDSA | Good | Modern alternative |
| RSA | Good | Legacy, widely compatible |
| DSA | Weak | Avoid if possible |
Fingerprints¶
A fingerprint is a short summary of a host key (e.g., SHA256:jK8HjX2nQpR9...). Compare this with what your server admin provides to verify authenticity.
First Connection¶
- Connect to a new server - StormTunnel prompts about the unknown host
- Verify the key - Ask your admin for the fingerprint and compare
- Accept - Click "Trust this server" if verified
- Stored automatically - Future connections skip the prompt
Viewing Known Hosts¶
Each entry shows:
| Field | Description |
|---|---|
| Hostname | Server address |
| Key Type | ED25519, RSA, etc. |
| Fingerprint | SHA256 hash for verification |
| Date Added | When first connected |
Use the search box to filter by hostname.
Managing Keys¶
Add Manually¶
If you have a key before connecting:
- Click Add Key
- Paste the public key or fingerprint
- Enter the hostname
- Click Save
Remove a Key¶
- Select the server in the list
- Click Remove
- Confirm deletion
Note
Removing a key just clears it locally. Next connection will ask you to verify again.
Clear All¶
Settings → Known Hosts → Clear All
Warning
This removes all stored keys. You'll need to re-verify every server.
Host Key Changes¶
When a server's key changes, StormTunnel warns you. This could mean:
- ✓ Server admin rotated keys (normal)
- ✓ Server was reinstalled (normal)
- ✗ Man-in-the-middle attack (rare but serious)
Responding to Key Changes¶
- Contact your admin - Ask if they changed SSH keys
- If confirmed - Get the new fingerprint, verify it
- Update in StormTunnel - Remove old key, accept new one
- If NOT confirmed - Do not connect, report to security team
Security Best Practices¶
- Verify important servers - Always check fingerprints for databases, production servers
- Question unexpected changes - Confirm with admin before accepting new keys
- Remove unused entries - Clean up servers you no longer connect to
- Don't blindly accept - Especially on public networks
Troubleshooting¶
"Unknown Host" on Every Connection¶
Cause: Key not being stored properly
Fix: Accept the key, verify it appears in Known Hosts list
"Host Key Changed" Warning¶
Cause: Server key is different from stored key
Fix: Verify with admin, then remove old key and accept new one
Can't Find Server in List¶
Try searching with partial hostname. If not found, connect again to re-add.
Storage Location¶
This file contains only public keys (safe). Don't sync to public cloud storage.
Related¶
- SSH Key Management - Manage your SSH keys
- Authentication - Set up SSH authentication
- Troubleshooting - Fix connection issues