2.11. SSH hostkeys

SSH communication authenticates the remote SSH server using public-key cryptography, either using plain hostkeys, or X.509 certificates. Client authentication can also use public-key cryptography. The identity of the remote server can be verified by inspecting its hostkey or certificate. When trying to connect to a server via PSM, the client sees a hostkey (or certificate) shown by PSM. This key is either the hostkey of PSM, or the original hostkey of the server, provided that the private key of the server has been uploaded to PSM. In the latter case, the client will not notice any difference and have no knowledge that it is not communicating directly with the server, but with PSM.