PuTTY Security Alert - What does key fingerprint mean?

I have another question to security in the web world.

So I read (and ask :P) about certificates and think I got what it is and how it works. My next question is putty specific. When I open a connection with putty to a new server with ssh (port: 22) I get a PuTTY Security Alert:

The server's host key is not chacked in the registry. You have to guarantee that the server is the computer you think it is. The server's xxxx key fingerprin开发者_开发问答t is: yyyyyyyyyyyyyyyyyyyyyyyyyyy If you trust this host, hit Yes... etc.

Now I am wondering what a key fingerprint means. Is that just a certificate which putty hasn't in is cache yet?

thanks.

SCBoy

Those are the first bytes of the server certificate public key. The idea is that the key is a random number, so the first bytes are random too and therefore knowing that those first bytes are the same for two keys would likely mean that the keys are actually the same.

You can use this to validate the server. You could for example call the administrator of that server and ask him for the fingerprint of the key to validate that it's indeed the key of that server, not some man-in-the-middle server belonging to a malicious party.