SSH visual host keys
Via Kees Cook (and sorry for the reiteration for people following along Planet Debian), thanks to Caspar Clemens: Recent (>= 5.1) versions of OpenSSH (found at least in Debian Lenny and Ubuntu Intrepid) have the VisualHostKey option. What does it do?
    $ ssh -o VisualHostKey=yes 172.16.10.1
    Host key fingerprint is db:7a:d8:a8:2e:41:a2:e5:51:e1:7f:d0:73:bd:85:bf
    +--[ RSA 2048]----+
    |    ..           |
    |   ..  .   . .   |
    |   .. . o . o .  |
    |  + .. . o   +   |
    | + +  . S   . .  |
    |. . .  . o     . |
    |     .  .+.   E  |
    |    .   o.o      |
    |     oo...       |
    +-----------------+
    Linux respaldos.local.iiec 2.6.26-1-vserver-amd64 #1 SMP Wed Oct 1 13:08:10 UTC 2008 x86_64
What does this mean? This ASCII-art graph represents your host's public key, which uniquely identifies (or at least, it better damn should uniquely identify!) it. This representation was added mainly because it is way easier to visually remember the shape of your most frequently used hosts' IDs than their fingerprints. If you connect from a foreign or untrusted machine (i.e. one that does not yet know your host's identity), make sure to run with this switch - it will protect you from somebody supplanting your server's identity.
Besides, it adds to the general kewlness factor, doesn't it? ;-)
To enable this behaviour by default, add the following to your /etc/ssh/ssh_config (or to your personal .ssh/config):
    Host *
        VisualHostKey yes
Now... What about publishing the list of the 32767 known-bad SSH keys? That'd make for a nice ASCII-art exhibit :-}