SSH error validating server certificate
Instead, it will display an error message, similar to any other browser error (for example a "page not found" 404 message).
To get past this error page, users have to go through four different steps before they can access the Web site, which from a usability standpoint is far from ideal." The error occurs because Mozilla has decided to take SSL/TLS Web page security to the next level, challenging any certificate that isn't in the Web browser's certificate database, has incorrect information, or is expired.
I'd like to help clear up the confusion by explaining what SSL/TLS certificates are and how they work.
Let's face it, SSL/TLS (HTTPS) is vital to user security and privacy on the Internet.
After that the public key is used as in normal key-based authentication, i.e. the server has to demonstrate that it owns the private key for the public key.
Thank goodness that using an SSL/TLS VPN is secure and working properly.
The problem, quite simply, is that human intervention is required to verify the authenticity of certain types of certificates.
Apparently, if there's no public key in known_hosts yet, the attack I've described above is still possible, and it doesn't matter whether the server uses a certificate or not.
It looks like you assume that the identity of the server is proven by the server demonstrating that it owns the presented public key.
This is a good thing; it will make Web browsing and online commerce a great deal safer.
In order to understand why, let's take a quick look at the SSL/TLS process.
The next time the client connects to the SSH server, the man-in-the-middle (MIM) intercepts the client's connection request, and sends its own public key to the client, on behalf of the real SSH server.