
List:       openssh-unix-dev
Subject:    choice of fingerprint display upon new host access
From:       Daniel Kahn Gillmor <dkg () fifthhorseman ! net>
Date:       2010-04-19 18:48:00
Message-ID: 4BCCA560.5020803 () fifthhorseman ! net

When a user encounters a new ssh host, the VisualHostKey option makes
ssh display the visual fingerprint of the host's key.

ssh-keygen also supports BubbleBabble fingerprinting, but I don't see a
way to indicate that ssh should display the bubblebabble fingerprint
upon encountering a new host key.

It seems like it would be nice to make OpenSSH configurable about its
choice of fingerprinting scheme without adding a new option for every
possible flavor of fingerprinting.  In particular, I'm not proposing
that we include a BubbleBabbleHostKey option to ssh_config.

What do people think of the following approach for ssh_config:

 HostKeyFingerprint is an option which takes a comma-separated set of
fingerprint styles to display to the user upon seeing a new host key.
Supported options are: "hex", "bubblebabble", "visual"

   The default is: hex

For backward compatibility, -oVisualHostKey=yes implicitly adds "visual"
to this set if it is not already present.

If people think this is a good idea, I'll open a bugzilla ticket about
it.  I'm also interested to hear if people have any objections to the idea.

Regards,

	--dkg
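
The semantics proposed in the message above, as an added sketch that is not part of the original message and is not OpenSSH code. HostKeyFingerprint is only a proposed option here; the function names are hypothetical, and hashing with MD5 for "hex" and SHA-1 for "bubblebabble" is an assumption about ssh-keygen's behaviour at the time. The "visual" style is resolved but not rendered.

```python
import hashlib

SUPPORTED = ("hex", "bubblebabble", "visual")  # styles named in the proposal

def resolve_styles(host_key_fingerprint=None, visual_host_key=False):
    """Ordered fingerprint styles to show for a new host key."""
    raw = "hex" if host_key_fingerprint is None else host_key_fingerprint
    styles = []
    for name in (s.strip().lower() for s in raw.split(",")):
        if name not in SUPPORTED:
            raise ValueError(f"unsupported fingerprint style: {name!r}")
        if name not in styles:
            styles.append(name)
    # Backward compatibility: VisualHostKey=yes implies "visual".
    if visual_host_key and "visual" not in styles:
        styles.append("visual")
    return styles

def bubblebabble(data):
    """Bubble Babble encoding of a byte string (normally a digest)."""
    v, c = "aeiouy", "bcdfghklmnprstvzx"
    rounds, seed, out = len(data) // 2 + 1, 1, ["x"]
    for i in range(rounds):
        if i + 1 < rounds or len(data) % 2:
            b0 = data[2 * i]
            out += [v[((b0 >> 6) + seed) % 6], c[(b0 >> 2) & 15],
                    v[((b0 & 3) + seed // 6) % 6]]
            if i + 1 < rounds:
                b1 = data[2 * i + 1]
                out += [c[b1 >> 4], "-", c[b1 & 15]]
                seed = (seed * 5 + b0 * 7 + b1) % 36
        else:  # even-length input: final group carries only the checksum
            out += [v[seed % 6], c[16], v[seed // 6]]
    return "".join(out) + "x"

def fingerprints(key_blob, styles):
    """Render the textual styles; "visual" (randomart) is left to ssh."""
    out = {}
    for style in styles:
        if style == "hex":
            digest = hashlib.md5(key_blob).digest()
            out[style] = ":".join(f"{b:02x}" for b in digest)
        elif style == "bubblebabble":
            out[style] = bubblebabble(hashlib.sha1(key_blob).digest())
    return out

if __name__ == "__main__":
    blob = b"constructed sample key blob"  # not a real host key
    for k, fp in fingerprints(blob, resolve_styles("hex,bubblebabble")).items():
        print(k, fp)
```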

