I'm having a conceptual problem that you may be able to assist with. The problem may be due to my misunderstanding of SSH concepts, or SSH technological implementation, or Shared Hosting, but here goes:
I've got a shared hosting account with GoDaddy, and they've got an SSH server which is set up in such a way that, from my terminal, I can "ssh www.myhosteddomainname.com
-l myusername". This responds with an RSA key fingerprint and asks whether I want to continue connecting.
Now it's my understanding that the only way to be sure that this connection is indeed with GoDaddy as I hope it is, is to get GoDaddy to confirm the correct RSA key fingerprint, and check that this is the same as the one reported by the ssh client.
I've called GoDaddy to get this information, but they wouldn't give it to me. After an age on the phone, I'm not entirely clear what the reason is, because they seemed to give me many different reasons and none of them made any real sense to me.
The reasons varied from "we're unable to get the fingerprint from the server" to "we wouldn't be prepared to give that fingerprint over the phone".
So my question is this: Do I need to verify the fingerprint appearing in the SSH client against a fingerprint given to me by GoDaddy? If so, is there any way of doing this other than by getting GoDaddy to tell me what it is, and does it make sense that GoDaddy would provide SSH capabilities without being prepared to provide the fingerprint? If not, please could you provide some explanation of where I've misunderstood - or a link to a clear explanation, as I've already done a lot of reading, and find the subject a bit complicated, but thought I'd now understood it correctly.
Thanks in advance for your help.