bugzilla-daemon at bugzilla.mindrot.org
2010-Apr-19 21:16 UTC
[Bug 1759] New: allow display of bubblebabble fingerprint when connecting
https://bugzilla.mindrot.org/show_bug.cgi?id=1759

Summary: allow display of bubblebabble fingerprint when connecting
Product: Portable OpenSSH
Version: -current
Platform: All
URL: http://bugs.debian.org/578422
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: cjwatson at debian.org

In http://bugs.debian.org/578422, Clint Adams requests:

"Please allow the user to enable the display of bubblebabble fingerprints in addition to or in lieu of the MD5-based hex or randomart fingerprints when connecting to an unknown host."

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Apr-19 22:47 UTC
[Bug 1759] allow display of bubblebabble fingerprint when connecting
https://bugzilla.mindrot.org/show_bug.cgi?id=1759

Daniel Kahn Gillmor <dkg at fifthhorseman.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC | |dkg at fifthhorseman.net

--- Comment #1 from Daniel Kahn Gillmor <dkg at fifthhorseman.net> 2010-04-20 08:47:42 EST ---

I made the following proposal on the mailing list:

http://marc.info/?l=openssh-unix-dev&m=127170293002534&w=2

-------------------------------------------------
HostKeyFingerprint is an option which takes a comma-separated set of fingerprint styles to display to the user upon seeing a new host key.

Supported options are: "hex", "bubblebabble", "visual"

The default is: hex

For backward compatibility, -oVisualHostKey=yes implicitly adds "visual" to this set if it is not already present.
---------------------------------------
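
The proposal in comment #1, sketched as an added example (not OpenSSH code and not part of the thread): it resolves the proposed HostKeyFingerprint style set, including the VisualHostKey fallback, and renders the hex and bubblebabble forms of one key. The function names and the key blob are constructed for illustration; hashing with MD5 for hex and SHA-1 for bubblebabble is an assumption, and the "visual" randomart is not rendered.

```python
import hashlib

VOWELS = "aeiouy"
CONSONANTS = "bcdfghklmnprstvzx"
STYLES = ("hex", "bubblebabble", "visual")  # the three styles in the proposal

def bubblebabble(data: bytes) -> str:
    """Bubble Babble encoding: pronounceable, with a running checksum (seed)."""
    out, seed, rounds = ["x"], 1, len(data) // 2 + 1
    for i in range(rounds):
        if i + 1 < rounds or len(data) % 2:
            b0 = data[2 * i]
            out.append(VOWELS[((b0 >> 6) + seed) % 6])
            out.append(CONSONANTS[(b0 >> 2) & 15])
            out.append(VOWELS[((b0 & 3) + seed // 6) % 6])
            if i + 1 < rounds:
                b1 = data[2 * i + 1]
                out.append(CONSONANTS[b1 >> 4] + "-" + CONSONANTS[b1 & 15])
                seed = (seed * 5 + b0 * 7 + b1) % 36
        else:  # even-length input: final group encodes only the checksum
            out.append(VOWELS[seed % 6] + "x" + VOWELS[seed // 6])
    return "".join(out) + "x"

def resolve_styles(value: str = "hex", visual_host_key: bool = False) -> list:
    """Parse the proposed option value, keeping the order the user gave."""
    styles = []
    for name in value.split(","):
        name = name.strip().lower()
        if name not in STYLES:
            raise ValueError(f"unsupported fingerprint style: {name!r}")
        if name not in styles:
            styles.append(name)
    if visual_host_key and "visual" not in styles:  # -oVisualHostKey=yes
        styles.append("visual")
    return styles

def fingerprints(key_blob: bytes, styles: list) -> dict:
    """Render the text styles; 'visual' (randomart) is left to ssh itself."""
    out = {}
    for style in styles:
        if style == "hex":  # assumption: MD5 of the key blob
            digest = hashlib.md5(key_blob).hexdigest()
            out[style] = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
        elif style == "bubblebabble":  # assumption: SHA-1 of the key blob
            out[style] = bubblebabble(hashlib.sha1(key_blob).digest())
    return out

if __name__ == "__main__":
    blob = b"constructed sample key blob, not a real host key"
    for style, text in fingerprints(blob, resolve_styles("hex,bubblebabble")).items():
        print(f"{style}: {text}")
```
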
bugzilla-daemon at bugzilla.mindrot.org
2010-Jun-04 05:21 UTC
[Bug 1759] allow display of bubblebabble fingerprint when connecting
https://bugzilla.mindrot.org/show_bug.cgi?id=1759

Eric Wheeler <ssh at ew.ewheeler.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC | |ssh at ew.ewheeler.org
bugzilla-daemon at bugzilla.mindrot.org
2010-Jun-04 06:08 UTC
[Bug 1759] allow display of bubblebabble fingerprint when connecting
https://bugzilla.mindrot.org/show_bug.cgi?id=1759

--- Comment #2 from Eric Wheeler <ssh at ew.ewheeler.org> ---

Enough people ignore host key fingerprints (ahem, I've MITMed a few) that this is an increasingly important feature that needs to be given real thought.

It would be great if the option provided some granularity of when to turn on. For example, when interrogated with:

"The authenticity of host '0 (0.0.0.0)' can't be established.
[...]
Are you sure you want to continue connecting (yes/no)?"

I would want both the Visual and the bubblebabble.

These are the use states that I might want all-or-some-or-no visual fingerprint verification options:

1. Always
2. When the authentication method is "X" (ie, password, publickey, hostbased, gssapi-with-mic, gssapi-keyex, etc.)
3. If the controlling terminal is a TTY
4. When the host is unknown
5. When DISPLAY is defined (ie, running under X)

Perhaps something like:

    HostKeyFingerprint always=babble;tty=babble,visual;password=babble,visual,hex;publickey=none;gssapi-with-mic=babble

Providing the output in the order specified would be great too. For example,

    HostKeyFingerprint tty=babble,hex,visual

would be different than

    HostKeyFingerprint tty=visual,babble,hex

People could get cute here too and have external plugins that launch something on their system that either takes the pubkey as argv[1] or via stdin:

    HostKeyFingerprint when_using_x=external(/usr/bin/OpenGLkeyVis),babble

I look forward to augmenting my ~/.ssh/config with something like this:

    HostKeyFingerprint tty=babble,hex,visual;using_x=external(/usr/bin/xkeyvis);publickey=none;notty=none;unknown=hex,babble,visual;default=hex,babble,visual