[Bug 2493] New: Accept host key fingerprint as the same as 'yes'

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Nov 10 15:42:22 AEDT 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2493

            Bug ID: 2493
           Summary: Accept host key fingerprint as the same as 'yes'
           Product: Portable OpenSSH
           Version: 6.9p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: micah at riseup.net

Maybe this is a terrible idea, but it seems like a great, and simple
improvement.

When prompted with this dialog:

The authenticity of host 'blah.blah.blah (10.10.10.10)' can't be
established. RSA key fingerprint is
a4:d9:a4:d9:a4:d9a4:d9:a4:d9a4:d9a4:d9a4:d9a4:d9a4:d9.
Are you sure you want to continue connecting (yes/no)?

1. I want to verify this key

2. if its a new system, I use ssh-keygen -lf to print out the host's
fingerprint so I can compare it

3. if its the first time I've installed openssh-server on debian, it
prints out the just generated host key fingerprint to stdout

4. if its not a new system, but a shared/collaboratively managed one, I
have the host key fingerprint either in a file, or someone has provided
it to me over a secure channel. 

In order for me to verify the key (#1) in any of the cases #2-4 I have
to visually inspect each character, comparing it one by one. A tedious,
but necessary process. In all the cases, I already have the fingerprint
available to me, but I have to pass it through my human-fallible visual
comparison process. Its so annoying and prone to failure, that I'm
discouraged from doing it. 

What if I didn't have to pass it through my eyes, into my short-term
memory, and then compare it with the other one on the screen... and
instead I could just copy the known-good, verified key fingerprint from
another location and simply paste it into the dialog asking me for
confirmation and that would accept it in the same way that typing 'yes'
would accept it?

In otherwords, what if the equivalent to 'yes' was the user typing in
the host key's fingerprint? Sure, the user can just copy and paste what
is presented there, which wont help them, but most people will also
just type 'yes' without checking the fingerprint as well, so it is no
degradation to the existing status-quo.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list