bugzilla-daemon at bugzilla.mindrot.org
2010-Apr-19 21:16 UTC
[Bug 1759] New: allow display of bubblebabble fingerprint when connecting
https://bugzilla.mindrot.org/show_bug.cgi?id=1759
Summary: allow display of bubblebabble fingerprint when connecting
Product: Portable OpenSSH
Version: -current
Platform: All
URL: http://bugs.debian.org/578422
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: cjwatson at debian.org
In http://bugs.debian.org/578422, Clint Adams requests:
"Please allow the user to enable the display of bubblebabble
fingerprints in addition to or in lieu of the MD5-based hex or
randomart fingerprints when connecting to an unknown host."
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Apr-19 22:47 UTC
[Bug 1759] allow display of bubblebabble fingerprint when connecting
https://bugzilla.mindrot.org/show_bug.cgi?id=1759
Daniel Kahn Gillmor <dkg at fifthhorseman.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dkg at fifthhorseman.net
--- Comment #1 from Daniel Kahn Gillmor <dkg at fifthhorseman.net>
2010-04-20 08:47:42 EST ---
I made the following proposal on the mailing list:
http://marc.info/?l=openssh-unix-dev&m=127170293002534&w=2
-------------------------------------------------
HostKeyFingerprint is an option which takes a comma-separated set of
fingerprint styles to display to the user upon seeing a new host key.
Supported options are: "hex", "bubblebabble", "visual"
The default is: hex
For backward compatibility, -oVisualHostKey=yes implicitly adds "visual"
to this set if it is not already present.
---------------------------------------
bugzilla-daemon at bugzilla.mindrot.org
2010-Jun-04 05:21 UTC
[Bug 1759] allow display of bubblebabble fingerprint when connecting
https://bugzilla.mindrot.org/show_bug.cgi?id=1759
Eric Wheeler <ssh at ew.ewheeler.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ssh at ew.ewheeler.org
bugzilla-daemon at bugzilla.mindrot.org
2010-Jun-04 06:08 UTC
[Bug 1759] allow display of bubblebabble fingerprint when connecting
https://bugzilla.mindrot.org/show_bug.cgi?id=1759
--- Comment #2 from Eric Wheeler <ssh at ew.ewheeler.org> ---
Enough people ignore host key fingerprints (ahem, I've MITMed a few) that this is an increasingly important feature that needs to be given real thought.

It would be great if the option provided some granularity of when to turn on. For example, when interrogated with:

    "The authenticity of host '0 (0.0.0.0)' can't be established.
    [...]
    Are you sure you want to continue connecting (yes/no)?"

I would want both the Visual and the bubblebabble.

These are the use states that I might want all-or-some-or-no visual fingerprint verification options:

1. Always
2. When the authentication method is "X" (i.e., password, publickey, hostbased, gssapi-with-mic, gssapi-keyex, etc.)
3. If the controlling terminal is a TTY
4. When the host is unknown
5. When DISPLAY is defined (i.e., running under X)

Perhaps something like:

    HostKeyFingerprint always=babble;tty=babble,visual;password=babble,visual,hex;publickey=none;gssapi-with-mic=babble

Providing the output in the order specified would be great too. For example,

    HostKeyFingerprint tty=babble,hex,visual

would be different than

    HostKeyFingerprint tty=visual,babble,hex

People could get cute here too and have external plugins that launch something on their system that either takes the pubkey as argv[1] or via stdin:

    HostKeyFingerprint when_using_x=external(/usr/bin/OpenGLkeyVis),babble

I look forward to augmenting my ~/.ssh/config with something like this:

    HostKeyFingerprint tty=babble,hex,visual;using_x=external(/usr/bin/xkeyvis);publickey=none;notty=none;unknown=hex,babble,visual;default=hex,babble,visual
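Added example, not part of the bug thread and not OpenSSH code: a Python sketch of what the "hex" and "bubblebabble" styles of the proposed (hypothetical) HostKeyFingerprint option would print for a host key, in the order the styles are listed. It assumes bubblebabble is taken over the SHA-1 digest of the key blob and hex over the MD5 digest; `render_fingerprints` and the sample key line are constructed for illustration, and "visual" is not implemented.

```python
import base64
import hashlib

VOWELS = "aeiouy"
CONSONANTS = "bcdfghklmnprstvzx"


def bubblebabble(digest: bytes) -> str:
    """Bubble Babble encoding: two input bytes become five pronounceable letters."""
    seed = 1  # running checksum that is folded into the vowel choices
    rounds = len(digest) // 2 + 1
    out = ["x"]
    for i in range(rounds):
        if i + 1 < rounds or len(digest) % 2:
            b0 = digest[2 * i]
            out.append(VOWELS[(((b0 >> 6) & 3) + seed) % 6])
            out.append(CONSONANTS[(b0 >> 2) & 15])
            out.append(VOWELS[((b0 & 3) + seed // 6) % 6])
            if i + 1 < rounds:
                b1 = digest[2 * i + 1]
                out.append(CONSONANTS[(b1 >> 4) & 15] + "-" + CONSONANTS[b1 & 15])
                seed = (seed * 5 + b0 * 7 + b1) % 36
        else:
            # Even-length input: the final group encodes only the checksum.
            out.append(VOWELS[seed % 6] + CONSONANTS[16] + VOWELS[seed // 6])
    out.append("x")
    return "".join(out)


def render_fingerprints(pubkey_line: str, styles: str = "hex") -> list:
    """Return (style, text) pairs for a public key line, in the order requested."""
    blob = base64.b64decode(pubkey_line.split()[1])
    renderers = {
        # MD5-based hex, the default style named in the proposal
        "hex": lambda: ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest()),
        # Assumption: bubblebabble is computed over SHA-1 of the key blob
        "bubblebabble": lambda: bubblebabble(hashlib.sha1(blob).digest()),
    }
    out = []
    for style in (s.strip() for s in styles.split(",")):
        if style not in renderers:
            raise ValueError(f"unsupported fingerprint style: {style!r}")
        out.append((style, renderers[style]()))
    return out


# Constructed sample input: not a real key, only shaped like a public key line.
SAMPLE_BLOB = b"\x00\x00\x00\x07ssh-rsa" + b"constructed sample, not a real key"
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " host.example"

if __name__ == "__main__":
    for style, text in render_fingerprints(SAMPLE_LINE, "bubblebabble,hex"):
        print(f"{style:>12}: {text}")
```

Each bubblebabble group depends on the running checksum of all earlier bytes, so a single mistyped or altered group makes the remainder of the string inconsistent, which is what makes the form practical to compare aloud.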