openssh unix dev - Feb 2002 - [Bug 112] Using host key fingerprint instead of "yes"

http://bugzilla.mindrot.org/show_bug.cgi?id=112





------- Additional Comments From dan at doxpara.com  2002-02-13 11:43 -------
Heh, I kinda like that.  You should update the yes/no prompt to say that 
pasting the expected host key will result in appropriate testing, as well as 
providing some sort of error if the remote side *doesn't* match the key
pasted
in.

I hadn't thought of cut and paste as useful like that.

--Dan




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=112

markus at openbsd.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED



------- Additional Comments From markus at openbsd.org  2002-02-14 10:12 -------
i think this is cool idea. do you want to write documentation
for this?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=112





------- Additional Comments From peak at argo.troja.mff.cuni.cz  2002-02-15
03:42 -------
I can do it (now when I know other people like such a feature) but I am not sure
what kind of documentation (besides proper prompts and other messages from ssh)
should be written? Should this behaviour be described in ssh.1? Or elsewhere?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=112





------- Additional Comments From djast at cs.toronto.edu  2002-02-15 04:59
-------
I'd like to propose a slight modification to the feature, because I'm
concerned
that unsophisticated users may use it incorrectly.

If the SSH client outputs a fingerprint, and then prompts the user to enter the
fingerprint for the host, a user who does not understand the purpose of this
procedure may simply cut and paste the fingerprint that was just displayed.

Although this is no less secure than the user simply typing "yes" to
accept the
host identification blindly, it may result in a false sense of security for
users who do not understand the purpose of the key fingerprints.

This problem could be addressed by introducing a client-side option which
controls whether the client should handle an unknown host by:
a) displaying the fingerprint and prompting for yes/no (as previously); or
b) not displaying the fingerprint by default, and instead prompting for the user
to enter the host's fingerprint.

This option would be set to do (a) by users who generally wish to compare
fingerprints manually, and to (b) by those who generally wish to have ssh do the
comparison for them.

In the case of (b), this could be enhanced so that the user can type
"yes" to
accept the host key sight-unseen, or "show" to display the fingerprint
and
re-prompt.

Just a suggestion.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=112





------- Additional Comments From peak at argo.troja.mff.cuni.cz  2002-02-21
08:40 -------
I have modified the patch to accept
"yes"/"no"/"check". When you say
"check", it
prompts for a fingerprint ("Enter the expected key fingerprint (DO NOT copy
the
fingerprint that might have been displayed earlier)"), compares it with the
key
received from the server, and prints the result ("The fingerprints
match." /
"The fingerprints do not match.").




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=112





------- Additional Comments From peak at argo.troja.mff.cuni.cz  2002-02-21
08:43 -------
Created an attachment (id=28)
improved fingerprint checking patch against CVS




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=112





------- Additional Comments From mouring at eviladmin.org  2002-02-21 09:00
-------
Would it be better not to display the foriegn finger print in check mode?
This may ensure that the user is not cutting and pasting the wrong entry.

- Ben



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=112





------- Additional Comments From maf at appgate.com  2002-02-21 09:18 -------
One could print the foreign id with dots instead of colons.
Then refuse that format on input. That way you can not just simply
cut'n'paste it.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=112





------- Additional Comments From djast at cs.toronto.edu  2002-02-21 09:59
-------
But the whole *point* of the patch is to cut and paste it--from a trusted
source.  This would usually be "ssh-keygen -l", but it could also be
the output
of another previous ssh session (run from a more trustworthy context).

Poisoning the format of the displayed fingerprint is an ugly approach; with all
due respect, the only argument for taking that tack is that it's easier to
code
than designing it correctly (i.e., in such a manner that it doesn't spit out
the
answer to the question it's asking.)




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.