Contributed by johan on Thu Jun 26 12:51:50 2008 (GMT)
from the artsy dept.
Alexander von Gernler (grunk@) has committed support for SSH fingerprint visualization.
This is a technique to make it possible for users to remember SSH fingerprints more easily.
Instead of just looking at the ssh fingerprint in clear text you can now get a graphical pattern where your key is represented by a worm inside a field, the worm will look slightly different depending on the fingerprint.
Update (Thu Jun 26 2008, 16:42:30 CET):
Some changes has been made since this article was written.
Instead of having to specify "CheckHostIP fingerprint" to turn on visualization, you now have to use "VisualHostKey yes".
"CheckHostIP fingerprint" won't work anymore, and has returned to be a
normal bool yes/no option.
Please read on for Alexander's blog...
In December 2006, I attended a talk by Dan Kaminsky  ,
a security expert well known for his creative approaches towards
problems and for his extremely entertaining style of presentation.
His talk dealt a lot with visualization of problems from different
areas, and was fun to watch, as always.
Dan managed to tie together some loose ends in my head about various
topics, and also managed to draw my attention to the problem of
SSH and the hex fingerprints.
As many of you know, a fingerprint may be as secure as it can be,
but the security of the system stands and falls with the user.
So if people don't verify fingerprints because it is too complicated
and annoying for them, we have to catch them where they can't escape:
Actually, the human brain is the most powerful pattern recognition
system ever known, so why not make use of it, and show a little
image to the users every time they log in.
If the image is the same all the time, then everything feels normal.
And if not, it starts feeling fishy immediately.
One of the problems I had to solve was the output format. As you all
know we're operating on text terminals most of the
time, and high-resolution graphics are not available always.
However, the schemes available all tried to do some random graphical
output that aimed to be characteristic and easy to remember.
So there I was with my constraints: The output had to be
7-bit clean ASCII text, with no colors, no scrolling, no animation,
no nothing. I then designed a very simple algorithm that
nevertheless takes all the bits of a hex fingerprint into account.
I am still doing research towards the question of how easy it is
to forge these pictures.
(If you're at a University and doing Theoretical Computer Science,
Graph Theory or Cryptography and have any remarks to make,
I'll be glad to hear from you :)
Now perhaps you'll be curious and want to play around with the
new feature. Just do the following steps:
1. (Of course) compile a -current ssh
2. Insert the option
to your ~/.ssh/config file. Now you will get the ASCII art
displayed on every login.
3. If you want to know what your known hosts "look" like,
ssh-keygen -lv -f ~/.ssh/known_hosts | less
and learn! There's a canadian anoncvs mirror that looks
like a cat, for example ;)
 the the talk recorded in mpeg-4 format