[ssh.1]
     Explain the use of SSH fpr visualization using random art, and cite the
     original scientific paper inspiring that technique.
     Much help with English and nroff by jmc@, thanks.
Darren Tucker 2008-06-14 09:04:26 +10:00
parent 03ccc9b142
commit f6bffb1391
2 changed files with 40 additions and 6 deletions


@ -18,6 +18,11 @@
- dtucker@cvs.openbsd.org 2008/06/13 18:55:22
[scp.c]
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
- grunk@cvs.openbsd.org 2008/06/13 20:13:26
[ssh.1]
Explain the use of SSH fpr visualization using random art, and cite the
original scientific paper inspiring that technique.
Much help with English and nroff by jmc@, thanks.
20080612
- (dtucker) OpenBSD CVS Sync
@ -4356,4 +4361,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id: ChangeLog,v 1.5008 2008/06/13 23:02:25 dtucker Exp $
$Id: ChangeLog,v 1.5009 2008/06/13 23:04:26 dtucker Exp $

ssh.1

@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.273 2008/02/11 07:58:28 jmc Exp $
.Dd $Mdocdate: February 11 2008 $
.\" $OpenBSD: ssh.1,v 1.274 2008/06/13 20:13:26 grunk Exp $
.Dd $Mdocdate: June 13 2008
.Dt SSH 1
.Os
.Sh NAME
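Review bot: The new .Dd line reads ".Dd $Mdocdate: June 13 2008" with no closing " $", while the line it replaces ended in "2008 $". The keyword is no longer delimited the way the previous revision had it, so please restore the trailing " $" unless dropping it was deliberate.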
@ -1027,9 +1027,31 @@ Fingerprints can be determined using
.Pp
.Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
.Pp
If the fingerprint is already known,
it can be matched and verified,
and the key can be accepted.
If the fingerprint is already known, it can be matched
and the key can be accepted or rejected.
Because of the difficulty of comparing host keys
just by looking at hex strings,
there is also support to compare host keys visually,
using
.Em random art .
By setting the
.Cm CheckHostIP
option to
.Dq fingerprint ,
a small ASCII graphic gets displayed on every login to a server, no matter
if the session itself is interactive or not.
By learning the pattern a known server produces, a user can easily
find out that the host key has changed when a completely different pattern
is displayed.
Because these patterns are not unambiguous however, a pattern that looks
similar to the pattern remembered only gives a good probability that the
host key is the same, not guaranteed proof.
.Pp
To get a listing of the fingerprints along with their random art for
all known hosts, the following command line can be used:
.Pp
.Dl $ ssh-keygen -lv -f ~/.ssh/known_hosts
.Pp
If the fingerprint is unknown,
an alternative method of verification is available:
SSH fingerprints verified by DNS.
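Review bot: The caveat that closes the new random art paragraph ("only gives a good probability that the host key is the same, not guaranteed proof") stops short of telling the reader what to do when certainty is required. Suggest adding a sentence that points back to the hex fingerprint from "ssh-keygen -l" shown just above as the comparison to rely on, with random art serving only to notice that a key has changed. The paragraph also gives CheckHostIP the value "fingerprint" without a pointer to where the option is documented; a ".Xr ssh_config 5" reference would help. On wording, "gets displayed" reads better as "is displayed", and "not unambiguous" as "ambiguous".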
@ -1433,6 +1455,13 @@ manual page for more information.
.%T "The Secure Shell (SSH) Public Key File Format"
.%D 2006
.Re
.Rs
.%T "Hash Visualization: a New Technique to improve Real-World Security"
.%A A. Perrig
.%A D. Song
.%D 1999
.%O "International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)"
.Re
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.