@cmlh (Posts tagged openssh)


OpenSSH - Fingerprint

This is a preview of my first article that will be published in the second printed issue of Secure Computing Magazine (Australia).

This series of articles will be based on the slides that I presented at SAGE-AU in November 2011.

The article has been quoted in its entirety as it will be shortened for publication due to pagination for print.

A “fingerprint” is a shortened, more visual representation of an OpenSSH Public/Private Keypair that reduces the rate of error when an End User or System Administrator correlates an OpenSSH Private Key to an OpenSSH Public Key (or vice versa).

When generating a new OpenSSH Public/Private Keypair using ssh-keygen (with default values, excluding the comment), the fingerprint and associated ASCII “randomart image” [1] are automatically displayed:


The key fingerprint is:
be:7c:7e:07:9a:4a:db:a6:02:1e:c7:90:a2:b0:e2:94 christian.heinrich@cmlh.id.au
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|     .           |
|. . o            |
|.o.. o  S        |
|+E  o o.    .    |
|+  . +  o  o .   |
| .  . .o += . .  |
|       .**o. .   |
+-----------------+
Screenshot of ssh-keygen -C "christian.heinrich@cmlh.id.au" execution on OSX

The above fingerprint and associated ASCII “randomart image” can be reproduced at a later date with ssh-keygen -lv -f ~/.ssh/id_rsa.pub. The same fingerprint is displayed for the OpenSSH Private Key, i.e. ssh-keygen -lv -f ~/.ssh/id_rsa (without the .pub file extension), to identify the related OpenSSH Public Key transmitted to the remote host.

OpenSSH can also display the same fingerprint in “BubbleBabble” [2] encoding, i.e. a series of pseudowords, with the -B command line option to further improve readability over hexadecimal, e.g. on OpenBSD 5.0:

cmlh@openbsd$ ssh-keygen -B -f ~/.ssh/id_rsa.pub
2048 xobar-defab-pitom-byrok-zokos-geden-zopov-nedog-segeg-rykoz-noxax /home/cmlh/.ssh/id_rsa.pub (RSA)

In addition, the associated ASCII “randomart image” can be displayed alongside the “BubbleBabble” [2] encoding with the -Bv command line option to further improve readability, e.g. on OpenBSD 5.0:

cmlh@openbsd$ ssh-keygen -Bv -f ~/.ssh/id_rsa.pub
2048 xobar-defab-pitom-byrok-zokos-geden-zopov-nedog-segeg-rykoz-noxax /home/cmlh/.ssh/id_rsa.pub
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|     .           |
|. . o            |
|.o.. o  S        |
|+E  o o.    .    |
|+  . +  o  o .   |
| .  . .o += . .  |
|       .**o. .   |
+-----------------+
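
As an added example (not from the original article and not OpenSSH's own code), the Python below derives both representations from a public key line, which is useful for checking a key on a host without ssh-keygen. It assumes, as OpenSSH releases of this era did, that the hexadecimal form is the MD5 digest of the base64-decoded key blob and that -B encodes a SHA-1 digest of the same blob; the sample key is constructed filler, not a real key.

```python
import base64
import hashlib

VOWELS = "aeiouy"
CONSONANTS = "bcdfghklmnprstvzx"

def bubble_babble(data: bytes) -> str:
    """Encode bytes as Bubble Babble pseudowords (reference [2])."""
    out, seed = ["x"], 1
    rounds = len(data) // 2 + 1
    for i in range(rounds):
        last = i + 1 == rounds
        if last and len(data) % 2 == 0:
            # Even-length input: the final tuple carries only the checksum.
            out += [VOWELS[seed % 6], "x", VOWELS[seed // 6]]
            break
        b0 = data[2 * i]
        out += [VOWELS[((b0 >> 6) + seed) % 6],
                CONSONANTS[(b0 >> 2) & 15],
                VOWELS[((b0 & 3) + seed // 6) % 6]]
        if not last:
            b1 = data[2 * i + 1]
            out += [CONSONANTS[b1 >> 4], "-", CONSONANTS[b1 & 15]]
            seed = (seed * 5 + b0 * 7 + b1) % 36  # running checksum
    return "".join(out) + "x"

def key_blob(pubkey_line: str) -> bytes:
    """Decode the second field of '<type> <base64> [comment]'."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    return base64.b64decode(fields[1], validate=True)

def hex_fingerprint(pubkey_line: str) -> str:
    """Colon-separated MD5 of the key blob (assumed -l behaviour)."""
    digest = hashlib.md5(key_blob(pubkey_line)).digest()
    return ":".join(f"{b:02x}" for b in digest)

def babble_fingerprint(pubkey_line: str) -> str:
    """Bubble Babble of a SHA-1 digest of the blob (assumed -B behaviour)."""
    return bubble_babble(hashlib.sha1(key_blob(pubkey_line)).digest())

# Constructed sample: a type-tagged blob with filler bytes, not a real key.
SAMPLE = "ssh-rsa " + base64.b64encode(
    b"\x00\x00\x00\x07ssh-rsa" + bytes(range(32))).decode() + " user@example"

if __name__ == "__main__":
    print(hex_fingerprint(SAMPLE))
    print(babble_fingerprint(SAMPLE))
```

Only the key blob is hashed, so editing the trailing comment of a public key line leaves both fingerprints unchanged.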



[2] "The Bubble Babble Binary Data Encoding" ftp://ftp.ietf.org/ietf-mail-archive/secsh/2001-08.mail