The SSH approach

The first time a connection is made to a host the key has to be accepted.
- Key is stored in ~/.ssh/known_hosts or the equivalent.
On the next connection, if the key presented is different then maybe an attacker is a work.
- Maybe the host just has a new key?

The first time a connection is made to a host the key has to be accepted.