Bug 1759 - allow display of bubblebabble fingerprint when connecting
Summary: allow display of bubblebabble fingerprint when connecting
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: -current
Hardware: All Linux
Importance: P2 enhancement
Assignee: Assigned to nobody
URL: http://bugs.debian.org/578422
Keywords:
Depends on:
Blocks:
 
Reported: 2010-04-20 07:16 AEST by Colin Watson
Modified: 2010-06-04 16:08 AEST

See Also:


Description Colin Watson 2010-04-20 07:16:10 AEST
In http://bugs.debian.org/578422, Clint Adams requests:

"Please allow the user to enable the display of bubblebabble
fingerprints in addition to or in lieu of the MD5-based hex or
randomart fingerprints when connecting to an unknown host."
Comment 1 Daniel Kahn Gillmor 2010-04-20 08:47:42 AEST
I made the following proposal on the mailing list:

http://marc.info/?l=openssh-unix-dev&m=127170293002534&w=2

-------------------------------------------------

HostKeyFingerprint is an option which takes a comma-separated set of
fingerprint styles to display to the user upon seeing a new host key.
Supported options are: "hex", "bubblebabble", "visual"

   The default is: hex

For backward compatibility, -oVisualHostKey=yes implicitly adds "visual"
to this set if it is not already present.

---------------------------------------
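To make the "hex" and "bubblebabble" styles in this proposal concrete, here is an added Python example (it is not OpenSSH code and not part of this bug) that computes both from a raw host-key blob: the hex form is the colon-separated MD5 digest of the blob, and the bubblebabble form applies Antti Huima's Bubble Babble encoding to the SHA-1 digest of the blob, which is what ssh-keygen -B prints. The "visual" (randomart) style is left out. The sample key blob is constructed, and render_fingerprints and its style table are this example's own, not an OpenSSH interface.

```python
import hashlib

VOWELS = "aeiouy"
CONSONANTS = "bcdfghklmnprstvzx"


def bubblebabble(data: bytes) -> str:
    """Bubble Babble encoding of arbitrary bytes (Antti Huima's scheme).

    Output is 'x', then one group per pair of input bytes (groups joined by
    '-'), then 'x'. A running seed mixes each byte pair into the next group,
    so a mistyped or misread group usually changes the groups after it, which
    is what makes the encoding easier to compare aloud than a hex string.
    The last group is derived from the seed (plus a trailing odd byte, if any).
    """
    seed = 1
    rounds = len(data) // 2 + 1
    out = ["x"]
    for i in range(rounds):
        if i + 1 < rounds or len(data) % 2 != 0:
            b1 = data[2 * i]
            out.append(VOWELS[(((b1 >> 6) & 3) + seed) % 6])
            out.append(CONSONANTS[(b1 >> 2) & 15])
            out.append(VOWELS[((b1 & 3) + (seed // 6)) % 6])
            if i + 1 < rounds:          # a full pair: emit the second byte too
                b2 = data[2 * i + 1]
                out.append(CONSONANTS[(b2 >> 4) & 15])
                out.append("-")
                out.append(CONSONANTS[b2 & 15])
                seed = (seed * 5 + b1 * 7 + b2) % 36
        else:                           # even length: final group is seed only
            out.append(VOWELS[seed % 6])
            out.append(CONSONANTS[16])  # always 'x'
            out.append(VOWELS[seed // 6])
    out.append("x")
    return "".join(out)


def hex_fingerprint(key_blob: bytes) -> str:
    """Classic OpenSSH hex fingerprint: MD5 of the key blob, colon separated."""
    digest = hashlib.md5(key_blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def bubblebabble_fingerprint(key_blob: bytes) -> str:
    """ssh-keygen -B style fingerprint: Bubble Babble over the SHA-1 digest."""
    return bubblebabble(hashlib.sha1(key_blob).digest())


# Style names as used in the proposal above; "visual" is not implemented here.
RENDERERS = {
    "hex": hex_fingerprint,
    "bubblebabble": bubblebabble_fingerprint,
}


def render_fingerprints(key_blob: bytes, styles):
    """Return [(style, text), ...] in the order requested, which is the order
    a HostKeyFingerprint-style option would have ssh print them."""
    rendered = []
    for style in styles:
        if style not in RENDERERS:
            raise ValueError(f"unsupported fingerprint style: {style!r}")
        rendered.append((style, RENDERERS[style](key_blob)))
    return rendered


# Constructed sample blob: not a real key, just bytes to fingerprint.
SAMPLE_KEY_BLOB = b"ssh-rsa constructed-sample-key-blob"

if __name__ == "__main__":
    for style, text in render_fingerprints(SAMPLE_KEY_BLOB, ["hex", "bubblebabble"]):
        print(f"{style:>12}: {text}")
```

The two short strings checked in the test below ("Pineapple" and "1234567890") are the reference vectors from the Bubble Babble specification; a SHA-1 digest always encodes to 11 groups, which is a quick sanity check when eyeballing a printed fingerprint.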
Comment 2 Eric Wheeler 2010-06-04 16:08:11 AEST
Enough people ignore host key fingerprints (ahem, I've MITMed a few) that this is an increasingly important feature that needs to be given real thought.

It would be great if the option provided some granularity of when to turn on.  For example, when interrogated with:

 "The authenticity of host '0 (0.0.0.0)' can't be established. [...] Are you sure you want to continue connecting (yes/no)?"

I would want both the Visual and the bubblebabble.  

These are the use states in which I might want all-or-some-or-no visual fingerprint verification options:

1. Always
2. When the authentication method is "X" (ie, password, publickey, hostbased, gssapi-with-mic, gssapi-keyex, etc.)
3. If the controlling terminal is a TTY
4. When the host is unknown
5. When DISPLAY is defined (ie, running under X)

Perhaps something like:
  HostKeyFingerprint always=babble;tty=babble,visual;password=babble,visual,hex;publickey=none;gssapi-with-mic=babble

Providing the output in the order specified would be great too.  For example,
  HostKeyFingerprint   tty=babble,hex,visual 
would be different than
  HostKeyFingerprint   tty=visual,babble,hex

People could get cute here too and have external plugins that launch something on their system that either takes the pubkey as argv[1] or via stdin:
   HostKeyFingerprint when_using_x=external(/usr/bin/OpenGLkeyVis),babble

I look forward to augmenting my ~/.ssh/config with something like this:

  HostKeyFingerprint   tty=babble,hex,visual;using_x=external(/usr/bin/xkeyvis);publickey=none;notty=none;unknown=hex,babble,visual;default=hex,babble,visual
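As an added example (not from this bug and not OpenSSH code), here is the condition=styles grammar sketched in this comment parsed into rules and resolved against a connection's state, so the ordering behaviour described above can be exercised. The condition and style names come from the comment (both "babble" and "bubblebabble" are accepted, as are "using_x" and "when_using_x"); how a condition maps onto connection state, and how several matching clauses combine (every matching clause contributes its styles in written order, duplicates dropped, "none" contributes nothing, and the "default" clause applies only when no other clause matched) are this example's assumptions, since the comment leaves them open. external(...) entries are parsed into a tuple and never executed.

```python
import re

# Condition names from the comment above; which connection state each one
# tests is this example's assumption.
KNOWN_CONDITIONS = {
    "always", "default", "tty", "notty", "using_x", "when_using_x", "unknown",
    "password", "publickey", "hostbased", "gssapi-with-mic", "gssapi-keyex",
}
STYLES = {"hex", "babble", "bubblebabble", "visual", "none"}
EXTERNAL_RE = re.compile(r"^external\(([^)]+)\)$")


def parse_hostkeyfingerprint(value):
    """Parse 'cond=style[,style...];cond=...' into an ordered list of
    (condition, [styles]). A style is a string or ('external', path)."""
    rules = []
    for clause in filter(None, (c.strip() for c in value.split(";"))):
        if "=" not in clause:
            raise ValueError(f"missing '=' in clause {clause!r}")
        cond, _, styles_text = clause.partition("=")
        cond = cond.strip()
        if cond not in KNOWN_CONDITIONS:
            raise ValueError(f"unknown condition {cond!r}")
        styles = []
        for s in (x.strip() for x in styles_text.split(",")):
            m = EXTERNAL_RE.match(s)
            if m:
                styles.append(("external", m.group(1)))
            elif s in STYLES:
                styles.append(s)
            else:
                raise ValueError(f"unknown style {s!r} in clause {cond!r}")
        if "none" in styles and len(styles) > 1:
            raise ValueError(f"'none' cannot be combined with other styles ({cond!r})")
        rules.append((cond, styles))
    return rules


def condition_matches(cond, ctx):
    """ctx keys: tty (bool), display (bool, DISPLAY set), auth (str),
    known_host (bool). 'default' never matches here; it is the fallback."""
    if cond == "always":
        return True
    if cond == "tty":
        return ctx["tty"]
    if cond == "notty":
        return not ctx["tty"]
    if cond in ("using_x", "when_using_x"):
        return ctx["display"]
    if cond == "unknown":
        return not ctx["known_host"]
    if cond == "default":
        return False
    return cond == ctx["auth"]          # authentication-method conditions


def select_styles(rules, ctx):
    """Ordered list of styles to display for this connection (assumed
    combination semantics, see the lead-in)."""
    chosen = []
    matched = False
    for cond, styles in rules:
        if condition_matches(cond, ctx):
            matched = True
            for s in styles:
                if s != "none" and s not in chosen:
                    chosen.append(s)
    if not matched:
        for cond, styles in rules:
            if cond == "default":
                chosen = [s for s in styles if s != "none"]
    return chosen


# The ~/.ssh/config line proposed in the comment above.
EXAMPLE_CONFIG = ("tty=babble,hex,visual;using_x=external(/usr/bin/xkeyvis);"
                  "publickey=none;notty=none;unknown=hex,babble,visual;"
                  "default=hex,babble,visual")

if __name__ == "__main__":
    rules = parse_hostkeyfingerprint(EXAMPLE_CONFIG)
    ctx = {"tty": True, "display": False, "auth": "password", "known_host": False}
    print(select_styles(rules, ctx))
```

Note that with these semantics `publickey=none` only suppresses the publickey clause's own contribution; if `tty=...` also matches, fingerprints are still shown, which is one of the points a real design would have to settle.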