[Bug 112] Using host key fingerprint instead of "yes"

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Feb 15 04:59:24 EST 2002


http://bugzilla.mindrot.org/show_bug.cgi?id=112





------- Additional Comments From djast at cs.toronto.edu  2002-02-15 04:59 -------
I'd like to propose a slight modification to the feature, because I'm concerned
that unsophisticated users may use it incorrectly.

If the SSH client outputs a fingerprint, and then prompts the user to enter the
fingerprint for the host, a user who does not understand the purpose of this
procedure may simply cut and paste the fingerprint that was just displayed.

Although this is no less secure than the user simply typing "yes" to accept the
host identification blindly, it may result in a false sense of security for
users who do not understand the purpose of the key fingerprints.

This problem could be addressed by introducing a client-side option which
controls whether the client should handle an unknown host by:
a) displaying the fingerprint and prompting for yes/no (as previously); or
b) not displaying the fingerprint by default, and instead prompting for the user
to enter the host's fingerprint.

This option would be set to do (a) by users who generally wish to compare
fingerprints manually, and to (b) by those who generally wish to have ssh do the
comparison for them.

In the case of (b), this could be enhanced so that the user can type "yes" to
accept the host key sight-unseen, or "show" to display the fingerprint and
re-prompt.

Just a suggestion.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the openssh-unix-dev mailing list