[c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support
Contributed by johan on Thu Jun 26 12:51:50 2008 (GMT)
from the artsy dept.

Alexander von Gernler (grunk@) has committed support for SSH fingerprint visualization, a technique intended to make SSH fingerprints easier for users to remember. Instead of just looking at the SSH fingerprint in clear text, you can now get a graphical pattern in which your key is represented by a worm inside a field; the worm looks slightly different depending on the fingerprint.

Update (Thu Jun 26 2008, 16:42:30 CET): Some changes have been made since this article was written. Instead of specifying "CheckHostIP fingerprint" to turn on visualization, you now have to use "VisualHostKey yes". "CheckHostIP fingerprint" no longer works; that option has reverted to being a normal boolean yes/no option.

Please read on for Alexander's blog...

In December 2006, I attended a talk by Dan Kaminsky [1] [2],
a security expert well known for his creative approaches towards
problems and for his extremely entertaining style of presentation.
His talk dealt a lot with visualization of problems from different
areas, and was fun to watch, as always.
Dan managed to tie together some loose ends in my head about various
topics, and also managed to draw my attention to the problem of
SSH and the hex fingerprints.

As many of you know, a fingerprint may be as secure as it can be,
but the security of the system stands and falls with the user.
So if people don't verify fingerprints because it is too complicated
and annoying for them, we have to catch them where they can't escape:
Actually, the human brain is the most powerful pattern recognition
system ever known, so why not make use of it, and show a little
image to the users every time they log in.
If the image is the same all the time, then everything feels normal.
And if not, it starts feeling fishy immediately.

One of the problems I had to solve was the output format.  As you all
know, we're operating on text terminals most of the
time, and high-resolution graphics are not always available.
However, the schemes available all tried to do some random graphical
output that aimed to be characteristic and easy to remember.

So there I was with my constraints:  The output had to be
7-bit clean ASCII text, with no colors, no scrolling, no animation,
no nothing.  I then designed a very simple algorithm that
nevertheless takes all the bits of a hex fingerprint into account.
I am still doing research towards the question of how easy it is
to forge these pictures.
(If you're at a University and doing Theoretical Computer Science,
Graph Theory or Cryptography and have any remarks to make,
I'll be glad to hear from you :)

Now perhaps you'll be curious and want to play around with the
new feature.  Just do the following steps:

1.  (Of course) compile a -current ssh
2.  Insert the option
        CheckHostIP     fingerprint
    to your ~/.ssh/config file.  Now you will get the ASCII art
    displayed on every login.
3.  If you want to know what your known hosts "look" like,
    type in
        ssh-keygen -lv -f ~/.ssh/known_hosts | less
    and learn!  There's a Canadian anoncvs mirror that looks
    like a cat, for example ;)
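The blog describes the "very simple algorithm" that eats all the bits of the fingerprint but does not spell it out, and the steps above only show how to switch it on. As an added example (my own re-implementation, not code from this page), here is the walk as I know it from the OpenSSH randomart routine: each fingerprint byte yields four 2-bit moves of a marker across a 17x9 field, every visited cell counts its visits, and the counts are drawn with the glyphs " .o+=*BOX@%&#/^SE", with S and E marking the start and end cells. The field size, move encoding and glyph table follow OpenSSH; the bare "RSA" header label (no key size) and the sample bytes are assumptions.

```c
#include <stdio.h>
#include <string.h>
#define FLD_X 17                        /* field width:  FLDBASE * 2 + 1 */
#define FLD_Y 9                         /* field height: FLDBASE + 1 */
#define ART_W (FLD_X + 3)               /* one line: '|' + 17 cells + '|' + '\n' */
#define ART_LEN (ART_W * (FLD_Y + 2))   /* 9 rows plus top and bottom border */
/* Render the art for a raw binary fingerprint (16 bytes for MD5) into a static
 * buffer that the next call overwrites. The "+--[ RSA]---------+" header is the
 * 2008-era label seen on this page (an assumption; later versions add the size). */
const char *randomart(const unsigned char *dgst, size_t dgst_len)
{
    static char out[ART_LEN + 1];
    static const char sym[] = " .o+=*BOX@%&#/^SE";  /* visit count -> glyph */
    const int top = (int)strlen(sym) - 1;           /* 16, the index of 'E' */
    unsigned char field[FLD_X][FLD_Y] = {{0}};
    int x = FLD_X / 2, y = FLD_Y / 2;               /* the walk starts centred */
    char *p = out;
    for (size_t i = 0; i < dgst_len; i++) {
        int input = dgst[i];
        for (int b = 0; b < 4; b++) {               /* four 2-bit moves per byte */
            x += (input & 1) ? 1 : -1;              /* bit 0: left or right */
            y += (input & 2) ? 1 : -1;              /* bit 1: up or down */
            x = x < 0 ? 0 : (x >= FLD_X ? FLD_X - 1 : x);   /* walls stop the walk */
            y = y < 0 ? 0 : (y >= FLD_Y ? FLD_Y - 1 : y);
            if (field[x][y] < top - 2)              /* saturate below 'S' and 'E' */
                field[x][y]++;
            input >>= 2;
        }
    }
    field[FLD_X / 2][FLD_Y / 2] = top - 1;          /* 'S' marks the start */
    field[x][y] = top;                              /* 'E' marks the end */
    p += sprintf(p, "+--[ RSA]---------+\n");
    for (int j = 0; j < FLD_Y; j++) {
        *p++ = '|';
        for (int i = 0; i < FLD_X; i++)
            *p++ = sym[field[i][j]];
        *p++ = '|';
        *p++ = '\n';
    }
    sprintf(p, "+-----------------+\n");
    return out;
}

int main(void)
{   /* constructed sample bytes, not any real host's fingerprint */
    static const unsigned char sample[16] = { 0x0c, 0xa7, 0x3e, 0x91, 0x58, 0x2b, 0xf0, 0x64,
                                              0xd3, 0x17, 0x8c, 0x45, 0xbe, 0x02, 0x79, 0xe6 };
    fputs(randomart(sample, sizeof sample), stdout);
    return 0;
}
```

Because every byte moves the marker, two keys whose fingerprints differ in only a few bytes still diverge from the first differing move onward, which is why comparing the whole picture, not just a corner of it, is the point of the feature.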

[1] the talk recorded in MPEG-4 format
[2] slides


  Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod 0/30)
by anonymous pedro (201.53.102.38) on Sun Jun 15 03:22:55 2008 (GMT)
  That's exactly how I envisioned it.

       
Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod 1/27)
by anonymous grunk (2a01:198:262:1:20a:e4ff:fe35:3081) on Sun Jun 15 03:31:30 2008 (GMT)
  > That's exactly how I envisioned it.

No man, that's exactly how it was implemented. Apologize! :)

         
Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod 3/27)
by Anonymous Coward (88.217.158.50) on Mon Jun 16 08:41:54 2008 (GMT)
  > > That's exactly how I envisioned it.
>
> No man, that's exactly how it was implemented. Apologize! :)

oh is it your paycheck that makes you think so?

  Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod 3/35)
by Anonymous Coward (209.139.249.129) on Sun Jun 15 03:48:43 2008 (GMT)
  Cool stuff. Checking out tree now on a -current "play with me" box.

Love the whole idea of it.



  Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod 7/35)
by Anonymous Coward (84.0.5.102) on Sun Jun 15 07:47:28 2008 (GMT)
  Picture, anyone?

  Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod 5/31)
by Anonymous Coward (158.64.153.152) on Sun Jun 15 09:37:48 2008 (GMT)
  Thanks for your work!

I tried it, but you still have to get used to it. I'm not sure these graphics are easy to remember ...

+--[ RSA]---------+
|.o               |
|...              |
|= ...            |
| = ...           |
|+  .  .ES        |
|..  o  ..o .     |
|   . o  ..+ o o  |
|    . o o. . = . |
|     . . .    o  |
+-----------------+

+--[ RSA]---------+
|      .. .       |
|     .  . .      |
|    .  . o       |
|   .  . =        |
|  .    oSo       |
| .  . ..= .      |
|E .  o.B =       |
| o    =.*        |
|       +o.       |
+-----------------+

       
Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod -3/25)
by Anonymous Coward (84.0.5.102) on Sun Jun 15 10:06:34 2008 (GMT)
  > I'm not sure these graphics are easy to remember ...

+1

       
Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod 6/32)
by Anonymous Coward (81.83.46.216) on Sun Jun 15 11:51:40 2008 (GMT)
 
> +--[ RSA]---------+
> |      .. .       |
> |     .  . .      |
> |    .  . o       |
> |   .  . =        |
> |  .    oSo       |
> | .  . ..= .      |
> |E .  o.B =       |
> | o    =.*        |
> |       +o.       |
> +-----------------+
big sitting bird :-)

         
Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod -1/35)
by Anonymous Coward (81.83.46.216) on Sun Jun 15 12:03:14 2008 (GMT)
  something like this would be far more obvious ;o)
+--[ RSA]---------+
|                 |
|                 |
|             o/~ |
|   ('<   o/~     |
|  ,',)           |
| ''<<            |
|---""---         |
|                 |
+-----------------+ 

         
Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod 3/27)
by Anonymous Coward (81.83.46.216) on Sun Jun 15 12:53:22 2008 (GMT)
  this is the url
http://thebirdguide.com/digiscoping/photos/IMG_1728_Coopers_Hawk.jpg

         
Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod 0/28)
by Anonymous Coward (209.139.249.129) on Sun Jun 15 19:06:25 2008 (GMT)
  >
> +--[ RSA]---------+
> |      .. .       |
> |     .  . .      |
> |    .  . o       |
> |   .  . =        |
> |  .    oSo       |
> | .  . ..= .      |
> |E .  o.B =       |
> | o    =.*        |
> |       +o.       |
> +-----------------+
>
>
> big sitting bird :-)

Pooping beaver.

       
Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod 4/32)
by Anonymous Coward (2a01:348:108:100:20a:5eff:fe1a:a300) on Tue Jun 17 19:21:17 2008 (GMT)
  > Thanks for your work!
>
> I tried it, but you still have to get used to it. I'm not sure these graphics are easy to remember ...

Wow, you have bubble-babble signatures committed to memory? I salute you :)

For us mortals it's not so much useful for ease of remembering, as ease of comparison. With existing fingerprints, people tend to compare just a few positions in the key. If you have two of the "ssh nethack mode" images, say, one on-screen and one printed on a card, comparison is quicker and easier.

+--[ RSA]---------+  +--[ RSA]---------+
|.o               |  |.o               |
|...              |  |...              |
|= ...            |  |= ...            |
| = ...           |  | = ...           |
|+  .  .ES        |  |+  .  .ES        |
|..  o  ..o .     |  |.. o   ..o .     |
|   . o  ..+ o o  |  |  . o   ..+ o o  |
|    . o o. . = . |  |    . o o. . = . |
|     . . .    o  |  |     . . .    o  |
+-----------------+  +-----------------+

         
Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod 4/28)
by Anonymous Coward (12.153.51.253) on Wed Jun 18 16:04:07 2008 (GMT)
  > For us mortals it's not so much useful for ease of remembering, as ease of comparison. With existing fingerprints, people tend to compare just a few positions in the key. If you have two of the "ssh nethack mode" images, say, one on-screen and one printed on a card, comparison is quicker and easier.
>
> [MANGLED]

I'm not so sure that comparison would be easier with this method, GIVEN the user has a printed card. I would find it much easier to compare a compact, linear sequence of hex digits by placing said card on the screen below the SSH fingerprint (I would print it in roughly the correct size to match most terminals I would expect to use); in fact, base-64 encoding would probably make the printed-card method even easier. I actually found the difference between the two fingerprint images YOU published to be very subtle.

  the talk (mod 3/33)
by Anonymous Coward (121.116.178.61) on Sun Jun 15 09:40:19 2008 (GMT)
  Dan's talk is very interesting, but you can skip the first 10 min if you are only interested in the ssh hex problem.

  Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod -1/35)
by Krunch (91.106.223.231) on Sun Jun 15 17:49:59 2008 (GMT)
  Is there a PDF version of the slides somewhere?

       
Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod -4/30)
by Jared (209.59.105.36) (jjsolomon@gmail.com) on Sun Jun 15 19:20:13 2008 (GMT)
  > Is there a PDF version of the slides somewhere?

And/or torrent of either?

       
Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod -3/29)
by Sunnz (sunnz) on Mon Jun 16 06:47:51 2008 (GMT)
http://yius.id.au
  > Is there a PDF version of the slides somewhere?

I just made a quick and dirty conversion from ppt to pdf using OpenOffice.org, the result is here:

http://yius.id.au/dmk_blackops2006_ccc.pdf

  Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod 5/33)
by Peter (129.132.27.180) on Thu Jun 26 09:30:31 2008 (GMT)
  Am I the only one who does not like it? Numbers are cumbersome, but they are precise.

Pictures can confuse the viewer. I think it should be possible to write a small program that generates thousands of keys, trying to create one where the fingerprint picture is close to the original picture. Assuming that the user has no picture reference, it seems likely that he will accept the false key as his own. The brain is great in recognizing things even if they are not 100% the same.

This looks like a security facade to me, weakening the security.

       
Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod -8/22)
by Anonymous Coward (75.111.94.145) on Sat May 16 01:33:45 2009 (GMT)
  > Am I the only one who does not like it? Numbers are cumbersome, but they are precise.
>
> Pictures can confuse the viewer. I think it should be possible to write a small program that generates thousands of keys, trying to create one where the fingerprint picture is close to the original picture. Assuming that the user has no picture reference, it seems likely that he will accept the false key as his own. The brain is great in recognizing things even if they are not 100% the same.
>
> This looks like a security facade to me, weakening the security.

Well, on the other hand it's actually much easier to generate thousands of keys and find one that has a hex fingerprint that starts and ends with the same couple of bytes as the fingerprint on the machine you are attacking, so in that respect it's no more or less secure than the existing method of asking a user to verify the hex key. Either they will identify it exactly, byte by byte, or they will choose an approximation. The fingerprint is a more easily recognized approximation, but obviously it's still not a substitute for out-of-band validation.

IMO they really need to add the capability for ssh to validate keys through a CA.

  Re: [c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support (mod -4/28)
by martin f. krafft (2001:41e0:ff12:0:211:2fff:fe6b:c869) (undeadly.org@pobox.madduck.net) on Fri Oct 31 09:00:29 2008 (GMT)
http://madduck.net
  I wish this feature didn't exist, it's useless.



Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. Some icons from slashdot.org used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]