OpenSSH Visual Fingerprints

By Chris Josephes
November 5, 2008

OpenSSH 5.1 includes a feature called visual fingerprints for host keys. Before this feature came out, a host key was represented only by a hexadecimal sequence, which you would usually see the first time you logged in to a host. Now keys are also represented by high-tech-looking ASCII art:

+--[ DSA 1024]----+
|             .o  |
|             ..o |
|             .o +|
|             .E* |
|        S o o  .+|
|       o = B o. o|
|        o o = o. |
|           . o . |
|            .    |
+-----------------+

Few users would ever bother to remember a host key, because the verification is performed by the SSH client. The user's concern with a host key only comes into play the first time they log on to a host, or if the key sent by the host doesn't match the expected key.

Visual fingerprints change the user's process of identification. Instead of having to remember a hexadecimal sequence, they can recognize the pattern of the key. Through continued exposure to the fingerprint, users will become familiar with it and immediately recognize a problem if the key changes.
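
How a fingerprint turns into a picture, as an added example that is not part of the original article and not OpenSSH's own code: a Python rendering of the random walk behind the art, using the 17x9 field and the header layout shown above. The two key blobs and the helper changed_cells are constructed for illustration.

```python
import hashlib

WIDTH, HEIGHT = 17, 9            # field size of the picture shown above
SYMBOLS = " .o+=*BOX@%&#/^SE"    # visit count -> character; S = start, E = end

def randomart(digest: bytes, key_type: str = "DSA", bits: int = 1024) -> str:
    """Render a fingerprint digest as OpenSSH 5.1-style randomart."""
    field = [[0] * WIDTH for _ in range(HEIGHT)]
    x, y = WIDTH // 2, HEIGHT // 2           # the walk starts in the centre
    cap = len(SYMBOLS) - 3                   # highest ordinary visit count
    for byte in digest:
        for _ in range(4):                   # each byte yields four 2-bit moves
            x += 1 if byte & 0x1 else -1     # lowest bit: right or left
            y += 1 if byte & 0x2 else -1     # next bit: down or up
            x = max(0, min(x, WIDTH - 1))    # the walls stop the walk
            y = max(0, min(y, HEIGHT - 1))
            if field[y][x] < cap:
                field[y][x] += 1
            byte >>= 2
    field[HEIGHT // 2][WIDTH // 2] = len(SYMBOLS) - 2   # mark the start 'S'
    field[y][x] = len(SYMBOLS) - 1                      # mark the end 'E'
    header = ("+--[%4s %4d]" % (key_type, bits)).ljust(WIDTH + 1, "-") + "+"
    rows = ["|" + "".join(SYMBOLS[c] for c in row) + "|" for row in field]
    return "\n".join([header] + rows + ["+" + "-" * WIDTH + "+"])

def changed_cells(a: str, b: str) -> int:
    """Hypothetical helper: count characters that differ between two pictures."""
    return sum(ca != cb for ca, cb in zip(a, b))

if __name__ == "__main__":
    # Constructed stand-ins for two host key blobs; OpenSSH 5.1 fingerprints
    # were MD5 digests of the public key.
    known = randomart(hashlib.md5(b"constructed host key A").digest())
    seen = randomart(hashlib.md5(b"constructed host key B").digest())
    print(known, seen, sep="\n\n")
    print("cells changed:", changed_cells(known, seen))
```

Every byte of the digest steers the walk, so a replaced host key redraws the picture rather than changing a few characters in a long hex string.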

