Understanding how TTerm Handles SSH Keys

Keeping your data secure is important, and Secure Shell (SSH for short) is a communications protocol that helps keep your data away from prying eyes.

When TTerm makes the initial SSH connection to a new host, it will display a warning message questioning the host's identity. This is expected, as TTerm has never encountered the host before and needs to get your approval to make the connection. If you decide to go ahead and connect, the host and its SSH key are added to a list of known, approved hosts, and TTerm will subsequently connect without complaint.

Sometimes the host's (RSA) key may have changed. There are perfectly legitimate reasons for this: perhaps the keys are regenerated on a regular basis as part of a security routine, or a host has had its settings modified. More ominously, a key may be different due to a security issue such as a man-in-the-middle attack. This kind of attack is where a third party pretends to be your intended partner in a communication and intercepts your private traffic. The impostor might be residing at the correct IP address, but the system will be different and possess a different SSH key.

By default TTerm enforces 'strict security', meaning it will only allow a connection to a host system that it's familiar with. So, when TTerm encounters a host whose key is different to the one it was expecting you will be greeted with a warning message. If you weren't expecting this, it might be an excellent time to contact your system administrator and ask a few questions. Otherwise, accept the connection and the list of known hosts is updated for future connections.
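
The known-hosts behaviour described above can be sketched as follows. This is an added illustration, not TTerm's own code: the KnownHosts class, its methods and the user_approves callback (standing in for the warning message) are hypothetical names, and the fingerprint uses the OpenSSH-style SHA256 display format as an assumption about what you would compare with your system administrator.

```python
import base64
import hashlib
import hmac

def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a raw public key blob."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

class KnownHosts:
    """Hypothetical in-memory list of approved hosts: host -> fingerprint."""

    def __init__(self):
        self._approved = {}

    def check(self, host, key_blob):
        """Classify the presented key as 'new', 'match' or 'changed'."""
        seen = self._approved.get(host)
        if seen is None:
            return "new"
        same = hmac.compare_digest(seen, fingerprint(key_blob))
        return "match" if same else "changed"

    def connect(self, host, key_blob, user_approves):
        """Return True if the connection may proceed.
        user_approves(host, status, fp) stands in for the warning dialog."""
        status = self.check(host, key_blob)
        if status == "match":
            return True                # known host: connect without a prompt
        fp = fingerprint(key_blob)
        if not user_approves(host, status, fp):
            return False               # declined: stored entry is untouched
        self._approved[host] = fp      # approval adds or replaces the entry
        return True

# Constructed sample key blobs (placeholders, not real keys).
ORIGINAL_KEY = b"constructed-host-key-A"
DIFFERENT_KEY = b"constructed-host-key-B"

def demo():
    """First contact, reconnect, changed key declined, original still trusted."""
    kh, prompts = KnownHosts(), []
    approve = lambda h, s, fp: prompts.append(s) or True
    decline = lambda h, s, fp: bool(prompts.append(s))
    return [kh.connect("host.example", ORIGINAL_KEY, approve),
            kh.connect("host.example", ORIGINAL_KEY, decline),
            kh.connect("host.example", DIFFERENT_KEY, decline),
            kh.check("host.example", ORIGINAL_KEY)], prompts
```

Declining the warning for a changed key leaves the previously approved key in place, so a later connection to the genuine host still succeeds without a prompt.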

If you REALLY have to, you can turn off strict security in the communications settings, but we don't recommend it for normal operation. Of course, secure protocols are but one small part of securing your communications - take further steps by using strong passwords, being aware of phishing attacks and protecting your physical devices such as your iPad.

This applies to all versions of TTerm and to communication over both SSH and Telnet (via SSH tunnel).
