Bug 1759

Summary: allow display of bubblebabble fingerprint when connecting
Product: Portable OpenSSH
Reporter: Colin Watson <cjwatson>
Component: ssh
Assignee: Assigned to nobody <unassigned-bugs>
Status: NEW
Severity: enhancement
CC: dkg, ssh
Priority: P2
Version: -current
Hardware: All
OS: Linux
URL: http://bugs.debian.org/578422

Description Colin Watson 2010-04-20 07:16:10 AEST
In http://bugs.debian.org/578422, Clint Adams requests:

"Please allow the user to enable the display of bubblebabble
fingerprints in addition to or in lieu of the MD5-based hex or
randomart fingerprints when connecting to an unknown host."
Comment 1 Daniel Kahn Gillmor 2010-04-20 08:47:42 AEST
I made the following proposal on the mailing list:

http://marc.info/?l=openssh-unix-dev&m=127170293002534&w=2

-------------------------------------------------

HostKeyFingerprint is an option which takes a comma-separated set of
fingerprint styles to display to the user upon seeing a new host key.
Supported options are: "hex", "bubblebabble", "visual"

   The default is: hex

For backward compatibility, -oVisualHostKey=yes implicitly adds "visual"
to this set if it is not already present.

---------------------------------------
Comment 2 Eric Wheeler 2010-06-04 16:08:11 AEST
Enough people ignore host key fingerprints (ahem, I've MITMed a few) that this is an increasingly important feature that needs to be given real thought.

It would be great if the option provided some granularity of when to turn on.  For example, when interrogated with:

 "The authenticity of host '0 (0.0.0.0)' can't be established. [...] Are you sure you want to continue connecting (yes/no)?"

I would want both the Visual and the bubblebabble.

These are the use states in which I might want all-or-some-or-no visual fingerprint verification options:

1. Always
2. When the authentication method is "X" (ie, password, publickey, hostbased, gssapi-with-mic, gssapi-keyex, etc.)
3. If the controlling terminal is a TTY
4. When the host is unknown
5. When DISPLAY is defined (ie, running under X)

Perhaps something like:
  HostKeyFingerprint always=babble;tty=babble,visual;password=babble,visual,hex;publickey=none;gssapi-with-mic=babble

Providing the output in the order specified would be great too.  For example,
  HostKeyFingerprint   tty=babble,hex,visual
would be different than
  HostKeyFingerprint   tty=visual,babble,hex

People could get cute here too and have external plugins that launch something on their system that either takes the pubkey as argv[1] or via stdin:
   HostKeyFingerprint when_using_x=external(/usr/bin/OpenGLkeyVis),babble

I look forward to augmenting my ~/.ssh/config with something like this:

  HostKeyFingerprint   tty=babble,hex,visual;using_x=external(/usr/bin/xkeyvis);publickey=none;notty=none;unknown=hex,babble,visual;default=hex,babble,visual