I’m constantly amazed by the little tips and tricks I stumble upon as I’m working to solve problems. Earlier today, I found this little gem.
Apparently, there is a setting in OpenSSH 5.1 and later for visual remote host fingerprinting. The basic concept is that it’s much easier for the human brain to notice a change in a visual pattern than in a string of hex digits. To turn it on, simply add a line that says
VisualHostKey yes to your ~/.ssh/config file. Then, when you go to SSH into a server, you’ll see a visual representation of the remote host fingerprint, in addition to the regular fingerprint, as shown below:
[jsmith@hockey ~]$ ssh fedorapeople.org Host key fingerprint is 07:d4:02:db:9f:70:d5:2d:7f:1b:6a:df:83:73:95:1d +--[ RSA 2048]----+ | .... .. . | | +. .. o .| | . +.. o | | = . Eo| | S + . B| | . o oo| | . o o| | o +.| | o .| +-----------------+
See, now isn’t that handy?
Can’t see why this better than the thing that warns you that the key has changed and makes you remove it from the known_keys. unless you happened to connect from lots of different systems, in which case it still seems a bit unlikely that you could be be trusted to remember to not talk to systems with different picasso ASCII art signatures.
Don’t forget to set the permissions with a chmod 600 ~/.ssh/config