Key authenticity warning suggestion

Ben FrantzDale bfrantzdale at hmc.edu
Tue Aug 26 02:13:23 EST 2003


Until recently I was unaware of how to get the key fingerprint of a host
using ssh-keygen. Finding that out took asking several security-minded
people. In other words, I don't think it's public knowledge.

This made me think that the warning could be changed to something along
these lines:

The authenticity of host '192.168.0.123' can't be established.
RSA key fingerprint in md5 is: 59:94:5a:d7:2b:1f:ad:6e:ef:24:4c:71:1d:3c:3b:4a
If you have access to '192.168.0.123' you can run
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
on it to verify this key fingerprint.
Are you sure you want to continue connecting(yes/no)?yes
Warning: Permanently added '192.168.0.123' (RSA) to the list of known hosts.

What do you think?

--Ben 




More information about the openssh-unix-dev mailing list