Host-key pinning
TermZ pins SSH host keys with trust-on-first-use (TOFU), so you know you’re still talking to the same server every time you connect.
Trust on first use
Section titled “Trust on first use”The first time you connect to a host, TermZ shows the server’s host-key fingerprint and asks you to trust it. Confirm the fingerprint, accept, and TermZ records it. That’s the only prompt in normal use.
Checking on every connection
Section titled “Checking on every connection”On every later connection, TermZ verifies the key matches the one it recorded. If the key changes, TermZ hard-blocks the connection and warns you — a changed key is the signature of a man-in-the-middle or a rebuilt host. It’s your call whether to re-trust the new key.
Audit log
Section titled “Audit log”Every trust decision — first-use acceptances and re-trusts alike — is written to an append-only audit log, giving you a durable record of what you accepted and when.
