If I kick my server from the .ssh/known_hosts file and try to connect with ssh commandlinetool from OpenSSH, I get the following output:
The authenticity of host '*****.com' (85.214.***.***)' can't be established.
RSA key fingerprint is 69:d6:62ec:0a:2a:**:**:**:**:**:**:**:**:**:**.
Are you sure you want to continue connecting (yes/no)?
And I would like a Func<Certificate, bool> callback to allow granting or refusing to trust the server.
I guess (just guessing, not knowing) that the server transfers it public key to the client, the client then asks the server to sign a random phrase with its private key to ensure the server has the private key to his certificate. This would ensure that the
server is allowed to use this certificate.