OpenBSD Journal

[c2k8]: Developer Blog: grunk@ - SSH Fingerprint Visualization Support

Contributed by johan on from the artsy dept.

Alexander von Gernler (grunk@) has committed support for SSH fingerprint visualization. This is a technique to make it possible for users to remember SSH fingerprints more easily. Instead of just looking at the ssh fingerprint in clear text you can now get a graphical pattern where your key is represented by a worm inside a field, the worm will look slightly different depending on the fingerprint.

Update (Thu Jun 26 2008, 16:42:30 CET): Some changes has been made since this article was written. Instead of having to specify "CheckHostIP fingerprint" to turn on visualization, you now have to use "VisualHostKey yes". "CheckHostIP fingerprint" won't work anymore, and has returned to be a normal bool yes/no option.

Please read on for Alexander's blog...

In December 2006, I attended a talk by Dan Kaminsky [1] [2],
a security expert well known for his creative approaches towards
problems and for his extremely entertaining style of presentation.
His talk dealt a lot with visualization of problems from different
areas, and was fun to watch, as always.
Dan managed to tie together some loose ends in my head about various
topics, and also managed to draw my attention to the problem of
SSH and the hex fingerprints.

As many of you know, a fingerprint may be as secure as it can be,
but the security of the system stands and falls with the user.
So if people don't verify fingerprints because it is too complicated
and annoying for them, we have to catch them where they can't escape:
Actually, the human brain is the most powerful pattern recognition
system ever known, so why not make use of it, and show a little
image to the users every time they log in.
If the image is the same all the time, then everything feels normal.
And if not, it starts feeling fishy immediately.

One of the problems I had to solve was the output format.  As you all
know we're operating on text terminals most of the
time, and high-resolution graphics are not available always.
However, the schemes available all tried to do some random graphical
output that aimed to be characteristic and easy to remember.

So there I was with my constraints:  The output had to be
7-bit clean ASCII text, with no colors, no scrolling, no animation,
no nothing.  I then designed a very simple algorithm that
nevertheless takes all the bits of a hex fingerprint into account.
I am still doing research towards the question of how easy it is
to forge these pictures.
(If you're at a University and doing Theoretical Computer Science,
Graph Theory or Cryptography and have any remarks to make,
I'll be glad to hear from you :)

Now perhaps you'll be curious and want to play around with the
new feature.  Just do the following steps:

1.  (Of course) compile a -current ssh
2.  Insert the option
        CheckHostIP     fingerprint
    to your ~/.ssh/config file.  Now you will get the ASCII art
    displayed on every login.
3.  If you want to know what your known hosts "look" like,
    type in
        ssh-keygen -lv -f ~/.ssh/known_hosts | less
    and learn!  There's a canadian anoncvs mirror that looks
    like a cat, for example ;)

[1] the the talk recorded in mpeg-4 format
[2] slides

(Comments are closed)


Comments
  1. By anonymous pedro (201.53.102.38) on

    That's exactly how I envisioned it.

    Comments
    1. By anonymous grunk (2a01:198:262:1:20a:e4ff:fe35:3081) on

      > That's exactly how I envisioned it.

      No man, that's exactly how it was implimented. Apologize! :)

      Comments
      1. By Anonymous Coward (88.217.158.50) on

        > > That's exactly how I envisioned it.
        >
        > No man, that's exactly how it was implimented. Apologize! :)

        oh is it your paycheck that makes you think so?

  2. By Anonymous Coward (209.139.249.129) on

    Cool stuff. Checking out tree now on a -current "play with me" box.

    Love the whole idea of it.


  3. By Anonymous Coward (84.0.5.102) on

    Picture, anyone?

  4. By Anonymous Coward (158.64.153.152) on

    Thanks, for your work!

    I tried it, but you still have to get used to it. I'm not sure these graphics are easy to remember ...

    +--[ RSA]---------+
    |.o |
    |... |
    |= ... |
    | = ... |
    |+ . .ES |
    |.. o ..o . |
    | . o ..+ o o |
    | . o o. . = . |
    | . . . o |
    +-----------------+

    +--[ RSA]---------+
    | .. . |
    | . . . |
    | . . o |
    | . . = |
    | . oSo |
    | . . ..= . |
    |E . o.B = |
    | o =.* |
    | +o. |
    +-----------------+

    Comments
    1. By Anonymous Coward (84.0.5.102) on

      > I'm not sure these graphics are easy to remember ...

      +1

    2. By Anonymous Coward (81.83.46.216) on

      > +--[ RSA]---------+
      > |      .. .       |
      > |     .  . .      |
      > |    .  . o       |
      > |   .  . =        |
      > |  .    oSo       |
      > | .  . ..= .      |
      > |E .  o.B =       |
      > | o    =.*        |
      > |       +o.       |
      > +-----------------+
      
      big sitting bird :-)

      Comments
      1. By Anonymous Coward (81.83.46.216) on

        something like this would be far more obvious ;o)
        +--[ RSA]---------+
        |                 |
        |                 |
        |             o/~ |
        |   ('<   o/~     |
        |  ,',)           |
        | ''<<            |
        |---""---         |
        |                 |
        +-----------------+ 
        

      2. By Anonymous Coward (209.139.249.129) on

        >
        > +--[ RSA]---------+
        > | .. . |
        > | . . . |
        > | . . o |
        > | . . = |
        > | . oSo |
        > | . . ..= . |
        > |E . o.B = |
        > | o =.* |
        > | +o. |
        > +-----------------+
        >
        >
        > big sitting bird :-)

        Pooping beaver.

    3. By Anonymous Coward (2a01:348:108:100:20a:5eff:fe1a:a300) on

      > Thanks, for your work!
      >
      > I tried it, but you still have to get used to it. I'm not sure these graphics are easy to remember ...

      Wow, you have bubble-babble signatures committed to memory? I salute you :)

      For us mortals it's not so much useful for ease of remembering, as ease of comparison. With existing fingerprints, people tend to compare just a few positions in the key. If you have two of the "ssh nethack mode" images, say, one on-screen and one printed on a card, comparison is quicker and easier.

      +--[ RSA]---------+  +--[ RSA]---------+
      |.o               |  |.o               |
      |...              |  |...              |
      |= ...            |  |= ...            |
      | = ...           |  | = ...           |
      |+  .  .ES        |  |+  .  .ES        |
      |..  o  ..o .     |  |.. o   ..o .     |
      |   . o  ..+ o o  |  |  . o   ..+ o o  |
      |    . o o. . = . |  |    . o o. . = . |
      |     . . .    o  |  |     . . .    o  |
      +-----------------+  +-----------------+

      Comments
      1. By Anonymous Coward (12.153.51.253) on

        > For us mortals it's not so much useful for ease of remembering, as ease of comparison. With existing fingerprints, people tend to compare just a few positions in the key. If you have two of the "ssh nethack mode" images, say, one on-screen and one printed on a card, comparison is quicker and easier.
        >
        > [MANGLED]

        I'm not so sure that comparison would be easier with this method, GIVEN the user has a printed card. I would find it much easier to compare a compact, linear sequence of hex digits by placing said card on the screen below the SSH fingerprint (I would print it in roughly the correct size to match most terminals I would expect to use); in fact, base-64 encoding would probably make the printed-card method even easier. I actually found the difference between the two fingerprint images YOU published to be very subtle.

  5. By Anonymous Coward (121.116.178.61) on

    Dan's talk is very interesting but you can skip the beginning 10 min if you are only interested in ssh hex problem.

  6. By Krunch (91.106.223.231) on

    Is there a PDF version of the slides somewhere?

    Comments
    1. By Jared (209.59.105.36) jjsolomon@gmail.com on

      > Is there a PDF version of the slides somewhere?

      And/or torrent of either?

    2. By Sunnz (sunnz) on http://yius.id.au

      > Is there a PDF version of the slides somewhere?

      I just made a quick and dirty conversion from ppt to pdf using OpenOffice.org, the result is here:

      http://yius.id.au/dmk_blackops2006_ccc.pdf

  7. By Peter (129.132.27.180) on

    Am I the only one who does not like it? Numbers are cumbersome, but they are precise.

    Pictures can be confuse the viewer. I think it should be possible to write a small program that generates thousands of keys, trying to create one where the fingerprint picture is close to the original picture. Assuming that the user has no picture reference, it seems likely that he will accept the false key as his own. The brain is great in recognizing things even if they are not 100% the same.

    This looks like a security facade to me, weakening the security.

    Comments
    1. By Anonymous Coward (75.111.94.145) on

      > Am I the only one who does not like it? Numbers are cumbersome, but they are precise.
      >
      > Pictures can be confuse the viewer. I think it should be possible to write a small program that generates thousands of keys, trying to create one where the fingerprint picture is close to the original picture. Assuming that the user has no picture reference, it seems likely that he will accept the false key as his own. The brain is great in recognizing things even if they are not 100% the same.
      >
      > This looks like a security facade to me, weakening the security.

      Well, on the other hand it's actually much easier to generate thousands of keys and find one that has a hex fingerprint that starts and ends with the same couple of bytes as the fingerprint on the machine you are attacking, so in that respect it's no more or less secure than the existing method of asking a user to verify the hex key. Either they will identify it exactly, byte by byte, or they will choose an approximation. The fingerprint is a more easily recognized approximation, but obviously its still not a substitute for out of band validation.

      IMO they really need to add the capability for ssh to validate keys through a CA.

  8. By martin f. krafft (2001:41e0:ff12:0:211:2fff:fe6b:c869) undeadly.org@pobox.madduck.net on http://madduck.net

    I wish this feature didn't exist, it's useless.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]