Rather than showing the fingerprint to the user to compare, there could be and option where ssh wouldn't show the fingerprint, but would prompt the user to input the fingerprint by keyboard. Then ssh would evaluate if it is right or wrong. Computers are much better at comparing exact strings than humans. Proposal: ~ seff$ ssh -o PromptFingerprint=yes bugzilla.mindrot.org The authenticity of host 'bugzilla.mindrot.org (130.102.96.3)' can't be established. Type the RSA key fingerprint from remote host:
That's a nice idea though it should probably be under the existing configuration option, e.g. StrictHostKeyChecking=require-fingerprint We should also figure out what we are going to do wrt changing the fingerprint hash, since the two are likely to collide.
Damien, that's seems to be a good approach. With many hash, check against all of them. If any match, accept the key.
Created attachment 2430 [details] StrictHostKeyChecking=require-fingerprint This patch is based on the patch I've just attached to https://bugzilla.mindrot.org/show_bug.cgi?id=1872 and allows to specify StrictHostKeyChecking=require-fingerprint: $ ssh -o FingerprintType=sha256 -o stricthostkeychecking=require-fingerprint -p 2222 localhost The authenticity of host '[localhost]:2222 ([127.0.0.1]:2222)' can't be established. Type the ECDSA key fingerprint from remote host [sha256]: abcd Host key verification failed. $ ssh -o FingerprintType=sha256 -o stricthostkeychecking=require-fingerprint -p 2222 localhost The authenticity of host '[localhost]:2222 ([127.0.0.1]:2222)' can't be established. Type the ECDSA key fingerprint from remote host [sha256]: 5b:bc:6c:0a:b2:8d:84:eb:2a:6b:14:92:94:1c:85:b3:82:98:ba:b0:55:fd:2a:61:52:8c:b0:79:49:4b:e7:73 Warning: Permanently added '[localhost]:2222' (ECDSA) to the list of known hosts.