- grunk@cvs.openbsd.org 2008/06/11 21:01:35

[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c sshconnect.c] Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the graphical hash visualization schemes known as "random art", and by Dan Kaminsky's musings on the subject during a BlackOp talk at the 23C3 in Berlin. Scientific publication (original paper): "Hash Visualization: a New Technique to improve Real-World Security", Perrig A. and Song D., 1999, International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99) http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf The algorithm used here is a worm crawling over a discrete plane, leaving a trace (augmenting the field) everywhere it goes. Movement is taken from dgst_raw 2bit-wise. Bumping into walls makes the respective movement vector be ignored for this turn, thus switching to the other color of the chessboard. Graphs are not unambiguous for now, because circles in graphs can be walked in either direction. discussions with several people, help, corrections and ok markus@ djm@
author: Darren Tucker <dtucker@zip.com.au> 2008-06-13 04:40:35 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2008-06-13 04:40:35 +1000
commit: 9c16ac926376ad87084ae78bac44a813ae5db21f (patch)
tree: 438b335d17d91d45c9c77fba9339816b2bf2dbf9 /ssh_config.5
parent: 1199673393661ceafc3141e5df43c53e9acdba2f (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index d6f3fbf80..28ac724c8 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.106 2008/06/10 18:21:24 dtucker Exp $
+.\" $OpenBSD: ssh_config.5,v 1.107 2008/06/11 21:01:35 grunk Exp $
-.Dd $Mdocdate: June 10 2008 $
+.Dd $Mdocdate: June 11 2008 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -161,6 +161,10 @@ will additionally check the host IP address in the
 file.
 This allows ssh to detect if a host key changed due to DNS spoofing.
 If the option is set to
+.Dq fingerprint ,
+not only the host IP address will be checked, but also an ASCII art
+representation of the key will be printed.
+If the option is set to
 .Dq no ,
 the check will not be executed.
 The default is
author	Darren Tucker <dtucker@zip.com.au>	2008-06-13 04:40:35 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2008-06-13 04:40:35 +1000
commit	9c16ac926376ad87084ae78bac44a813ae5db21f (patch)
tree	438b335d17d91d45c9c77fba9339816b2bf2dbf9 /ssh_config.5
parent	1199673393661ceafc3141e5df43c53e9acdba2f (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index d6f3fbf80..28ac724c8 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.106 2008/06/10 18:21:24 dtucker Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.107 2008/06/11 21:01:35 grunk Exp $
38	.Dd $Mdocdate: June 10 2008 $	38	.Dd $Mdocdate: June 11 2008 $
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -161,6 +161,10 @@ will additionally check the host IP address in the
161	file.	161	file.
162	This allows ssh to detect if a host key changed due to DNS spoofing.	162	This allows ssh to detect if a host key changed due to DNS spoofing.
163	If the option is set to	163	If the option is set to
		164	.Dq fingerprint ,
		165	not only the host IP address will be checked, but also an ASCII art
		166	representation of the key will be printed.
		167	If the option is set to
164	.Dq no ,	168	.Dq no ,
165	the check will not be executed.	169	the check will not be executed.
166	The default is	170	The default is