path: root/ssh.1
Diffstat (limited to 'ssh.1')
-rw-r--r-- ssh.1 39
1 files changed, 34 insertions, 5 deletions
diff --git a/ssh.1 b/ssh.1
index e191bf04e..e975dae01 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,8 +34,8 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh.1,v 1.273 2008/02/11 07:58:28 jmc Exp $ 37.\" $OpenBSD: ssh.1,v 1.274 2008/06/13 20:13:26 grunk Exp $
38.Dd $Mdocdate: February 11 2008 $ 38.Dd $Mdocdate: June 13 2008
39.Dt SSH 1 39.Dt SSH 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
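Review bot: On new line 38 the .Dd line reads "$Mdocdate: June 13 2008" with no closing " $", while the old line ended "February 11 2008 $". If that is how the file was committed, the keyword is left unterminated; restore the trailing " $" so it has the same closed form as the $OpenBSD$ tag on line 37.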
@@ -1027,9 +1027,31 @@ Fingerprints can be determined using
1027.Pp 1027.Pp
1028.Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key 1028.Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
1029.Pp 1029.Pp
1030If the fingerprint is already known, 1030If the fingerprint is already known, it can be matched
1031it can be matched and verified, 1031and the key can be accepted or rejected.
1032and the key can be accepted. 1032Because of the difficulty of comparing host keys
1033just by looking at hex strings,
1034there is also support to compare host keys visually,
1035using
1036.Em random art .
1037By setting the
1038.Cm CheckHostIP
1039option to
1040.Dq fingerprint ,
1041a small ASCII graphic gets displayed on every login to a server, no matter
1042if the session itself is interactive or not.
1043By learning the pattern a known server produces, a user can easily
1044find out that the host key has changed when a completely different pattern
1045is displayed.
1046Because these patterns are not unambiguous however, a pattern that looks
1047similar to the pattern remembered only gives a good probability that the
1048host key is the same, not guaranteed proof.
1049.Pp
1050To get a listing of the fingerprints along with their random art for
1051all known hosts, the following command line can be used:
1052.Pp
1053.Dl $ ssh-keygen -lv -f ~/.ssh/known_hosts
1054.Pp
1033If the fingerprint is unknown, 1055If the fingerprint is unknown,
1034an alternative method of verification is available: 1056an alternative method of verification is available:
1035SSH fingerprints verified by DNS. 1057SSH fingerprints verified by DNS.
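Review bot: New lines 1037-1042 tell the reader to set CheckHostIP to "fingerprint" but do not say whether the address check that the option's name implies stays enabled with that value, and they give no pointer to where the option is documented. State the effect on the address check in this paragraph or add a cross-reference to the configuration manual page. Because the graphic is shown "no matter if the session itself is interactive or not", the text should also say where it is written, so that users of scripted sessions know whether their output is affected. The sentence starting at 1046 ("not unambiguous however") would be clearer as a plain statement that different keys can produce similar-looking patterns.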
@@ -1433,6 +1455,13 @@ manual page for more information.
1433.%T "The Secure Shell (SSH) Public Key File Format" 1455.%T "The Secure Shell (SSH) Public Key File Format"
1434.%D 2006 1456.%D 2006
1435.Re 1457.Re
1458.Rs
1459.%T "Hash Visualization: a New Technique to improve Real-World Security"
1460.%A A. Perrig
1461.%A D. Song
1462.%D 1999
1463.%O "International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)"
1464.Re
1436.Sh AUTHORS 1465.Sh AUTHORS
1437OpenSSH is a derivative of the original and free 1466OpenSSH is a derivative of the original and free
1438ssh 1.2.12 release by Tatu Ylonen. 1467ssh 1.2.12 release by Tatu Ylonen.
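Review bot: The Perrig and Song entry added at new lines 1458-1464 is not referred to from the random art paragraph added earlier in this patch, so a reader of that paragraph has no pointer to the paper; name it where random art is introduced. In the .%T line, "improve" is lower-case while the other main words of the title are capitalised; make the capitalisation consistent.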