It would be great if the SSH/SFTP connections had an option to verify the host key fingerprint when it connects, and to throw an error if it's not cached.
Without this check, it's possible that an SSH/SFTP transfer is sending credentials to a different server than expected, which could be compromised.
Example output from OpenSSH:
- First connection, prompts to save fingerprint
- I mess with the fingerprint to make it not match
- Second connection, get prompted again because the fingerprint isn't cached anymore
```
[adm-baumgart@argus] /home/adm-baumgart $ ssh baumgart@192.168.86.27 -o PreferredAuthentications=password
The authenticity of host '192.168.86.27 (192.168.86.27)' can't be established.
ECDSA key fingerprint is SHA256:kzQOkRiqrS0ZA5dyM547zMOPq/qhfVaZnssg+6DO8M0.
ECDSA key fingerprint is MD5:38:31:5b:ec:09:a3:41:1f:f5:25:66:7f:8a:1b:65:89.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.86.27' (ECDSA) to the list of known hosts.
baumgart@192.168.86.27's password:
Last login: Tue Sep 4 14:00:04 2018 from 10.1.0.11
[baumgart@cerberus ~]$ exit
logout
Connection to 192.168.86.27 closed.
[adm-baumgart@argus] /home/adm-baumgart $ vi .ssh/known_hosts <== This is me changing the cached fingerprint
[adm-baumgart@argus] /home/adm-baumgart $ ssh baumgart@192.168.86.27 -o PreferredAuthentications=password
The authenticity of host '192.168.86.27 (192.168.86.27)' can't be established.
ECDSA key fingerprint is SHA256:kzQOkRiqrS0ZA5dyM547zMOPq/qhfVaZnssg+6DO8M0.
ECDSA key fingerprint is MD5:38:31:5b:ec:09:a3:41:1f:f5:25:66:7f:8a:1b:65:89.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
```
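
An added example (not part of the original request, and not code from any particular client): a strict, fail-closed host key check of the kind requested above, which also shows how the SHA256 and MD5 fingerprints in the OpenSSH output are derived from the host key blob. The key is constructed sample data, so its fingerprints differ from those in the session, and `check_host_key`, `require_trusted` and `HostKeyError` are hypothetical names.

```python
import base64
import hashlib
import struct

class HostKeyError(Exception):
    """Raised before any credentials are sent."""

def ssh_string(data):
    # SSH wire format: 4-byte big-endian length, then the bytes (RFC 4251).
    return struct.pack(">I", len(data)) + data

def fingerprints(key_blob):
    # OpenSSH hashes the raw public key blob: SHA256 as unpadded base64,
    # MD5 as colon-separated hex.
    sha = base64.b64encode(hashlib.sha256(key_blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(key_blob).hexdigest()
    return "SHA256:" + sha, "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))

def load_known_hosts(text):
    # Plain (unhashed) entries only: "host[,host] keytype base64-blob".
    cache = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # comments, blanks, @cert-authority/@revoked markers
        for host in fields[0].split(","):
            cache.setdefault(host, []).append(base64.b64decode(fields[2]))
    return cache

def check_host_key(cache, host, presented_blob):
    cached = cache.get(host)
    if not cached:
        return "unknown"  # never seen: OpenSSH would prompt here by default
    return "match" if presented_blob in cached else "mismatch"

def require_trusted(cache, host, presented_blob):
    # Fail closed: anything other than an exact cached key aborts the connection.
    status = check_host_key(cache, host, presented_blob)
    if status != "match":
        raise HostKeyError("%s: host key %s (%s)"
                           % (host, status, fingerprints(presented_blob)[0]))

# Constructed sample data: a key-shaped blob, not a real ECDSA key.
SAMPLE_BLOB = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
               + ssh_string(b"\x04" + bytes(range(64))))
SAMPLE_KNOWN_HOSTS = ("192.168.86.27 ecdsa-sha2-nistp256 %s\n"
                      % base64.b64encode(SAMPLE_BLOB).decode())
```

Calling `require_trusted` before the authentication step means an unknown or changed key raises `HostKeyError` instead of letting the password be sent.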