Because the SSH architecture does not use certificates or any other built-in way to check that the remote server is the one you expect to connect to, accepting a connection is a matter of "trust".

SSH normally works like this: once you connect to a remote server and are sure that it is the server you intended to reach, you save its fingerprint information locally. On every subsequent connection, you check whether the presented fingerprint matches the one you stored, to make sure that nobody is in the "middle". The fingerprint is practically unique per server and is derived from the server's host key pair.
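The check described above, as an added example that is not code from the original page: a small Python emulation of the known_hosts lookup that computes the OpenSSH-style SHA256 fingerprint of a host key and reports whether a presented key matches, differs from, or is absent from the stored entry. The keys, hostname and IP address are constructed for the example; it handles only plain (unhashed, unmarked) known_hosts lines.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 length prefix + data."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_public_blob(raw32: bytes) -> bytes:
    """Build the wire blob of an ssh-ed25519 public key (constructed, not a real key)."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw32)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(public key blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts_line(line: str):
    """Return (hostnames, key_type, blob) for a plain 'host[,host] type base64' line."""
    host_field, key_type, b64 = line.split()[:3]
    return host_field.split(","), key_type, base64.b64decode(b64)


def verify_host_key(known_hosts: str, host: str, key_type: str, blob: bytes) -> str:
    """Emulate the client-side check: 'match', 'mismatch' (possible MITM) or 'unknown' (first use)."""
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hosts, stored_type, stored_blob = parse_known_hosts_line(line)
        if host in hosts and stored_type == key_type:
            # ssh compares the full key; the fingerprint is just the human-readable summary
            return "match" if stored_blob == blob else "mismatch"
    return "unknown"


# Constructed sample data (hypothetical host, documentation-range IP, deterministic key bytes).
SERVER_KEY = make_ed25519_public_blob(bytes(range(32)))
ROGUE_KEY = make_ed25519_public_blob(bytes(range(32, 64)))
KNOWN_HOSTS = "example.test,192.0.2.10 ssh-ed25519 " + base64.b64encode(SERVER_KEY).decode() + "\n"

if __name__ == "__main__":
    print("stored fingerprint:", fingerprint(SERVER_KEY))
    print("same key again:   ", verify_host_key(KNOWN_HOSTS, "example.test", "ssh-ed25519", SERVER_KEY))
    print("different key:    ", verify_host_key(KNOWN_HOSTS, "example.test", "ssh-ed25519", ROGUE_KEY))
```

A "mismatch" is the case real clients warn about loudly; "unknown" is the first-connection case where you must verify the fingerprint out of band before storing it.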