#107793 SSH should make it simpler to check server keys

Package: openssh-client
Source: openssh
Description: secure shell (SSH) client, for secure access to remote machines
Submitter: Francois-Rene Rideau
Date: 2010-01-04 12:33:14 UTC
Severity: wishlist
#107793#5
Date: 2001-08-06 11:35:15 UTC
When logging into a host for the first time from an account, SSH says:
The authenticity of host 'quatra (10.10.0.1)' can't be established.
RSA key fingerprint is eb:30:2d:4f:8d:40:ed:6d:d1:7f:98:4b:28:5b:95:8b.
Are you sure you want to continue connecting (yes/no)?

This is all good and well, and is indispensable to fight man-in-the-middle
attacks. But this supposes the user has a way to check the fingerprint.

Now, how the hell a user is meant to check this fingerprint is not documented
in the ssh manual page, and it took me quite some time (and external help)
to figure out that the following zsh functions would help:

# Fingerprint of this machine's own protocol-2 host key (run this on the server)
ssh-localkey2 () { ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub }
# Fingerprint of the entry already recorded for host $1 in the protocol-2 known_hosts file
ssh-knownkey2 () { ssh-keygen -l -f ~/.ssh/known_hosts2 | fgrep "$1" }
# The same two checks for the protocol-1 host key and known_hosts file
ssh-localkey1 () { ssh-keygen -l -f /etc/ssh/ssh_host_key.pub }
ssh-knownkey1 () { ssh-keygen -l -f ~/.ssh/known_hosts | fgrep "$1" }
# Fingerprint of the key a remote host presents right now; zsh's =(...) puts the
# ssh-keyscan output in a temporary file because ssh-keygen -l will not read stdin
ssh-scannedkey1 () { ssh-keygen -l -f =(ssh-keyscan "$@" 2> /dev/null) }

Regarding the last function, it should be remarked that
* There is no way to specify protocol 2 for ssh-keyscan.
* ssh-keygen refuses to use STDIN as input, which prevents the use of a pipe;
  it would be nice to be able to pipe ssh-keyscan output into
      ssh-keygen -l -f -
  Instead, I have to resort to the =() temporary file feature of zsh.
  Not everybody uses zsh.

So my wishlist is:
* add protocol 2 to ssh-keyscan
* ssh-keyscan should have the same default protocol as ssh
* add support for -f - to ssh-keygen.
* document fingerprint verification in the SSH manpage.
* in the long run, have an ssh-checkkey utility to help verify keys.

Yours freely,

[ François-René ÐVB Rideau | Reflection&Cybernethics | http://fare.tunes.org ]
[  TUNES project for a Free Reflective Computing System  | http://tunes.org  ]
Ob(Pure Programming Languages): implicit state _is_ modularity.
If we want to be really radical, and eliminate implicit state,
then we should eliminate it at the meta-level, too,
and remove named variables, leaving us only combinators.
(\Pi (S (K \Pi) (S (S (K S) (S (K K) (S (K P) I))) (S (S (K S)
(S (K (S (K P))) (S (S (K S) (S (K K) (S (K P) I))) (K I)))) (K I)))))
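The checks in the report, and the wished-for ssh-checkkey utility, all reduce to one computation: take the raw host-key blob that ssh-keyscan or known_hosts carries in base64, hash it, and compare the result with what the prompt showed. The following Python example is added here and is not part of the bug report or of OpenSSH; it builds a constructed, deliberately toy ssh-rsa blob for a made-up host so it runs offline, and produces both the colon-separated MD5 form quoted in the report and the SHA256 form that current ssh-keygen -l prints by default.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n: int) -> bytes:
    """SSH mpint: big-endian magnitude, with a leading 0x00 if the top bit is set."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)

def parse_pubkey_line(line: str):
    """Parse 'host keytype base64blob [comment]' as written by ssh-keyscan or found in
    known_hosts. The key type stored inside the blob must agree with the declared one."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError("not a host-key line")
    host, keytype, blob = parts[0], parts[1], base64.b64decode(parts[2], validate=True)
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen] != keytype.encode("ascii"):
        raise ValueError("key type inside blob does not match declared key type")
    return host, keytype, blob

def fingerprint_md5(blob: bytes) -> str:
    """Legacy fingerprint: MD5 of the raw blob as 16 colon-separated hex bytes."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def fingerprint_sha256(blob: bytes) -> str:
    """Current fingerprint: 'SHA256:' plus unpadded base64 of the SHA-256 digest."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def matches_prompt(line: str, shown: str) -> bool:
    """True if the fingerprint ssh displayed in its prompt belongs to the key on this line."""
    _, _, blob = parse_pubkey_line(line)
    shown = shown.strip()
    if shown.startswith("SHA256:"):
        return shown == fingerprint_sha256(blob)
    if shown.lower().startswith("md5:"):
        shown = shown[4:]
    return shown.lower() == fingerprint_md5(blob)

# Constructed demo data: a well-formed ssh-rsa blob with toy, insecure parameters and a
# made-up host name, present only so the example runs offline. Not a real host key.
DEMO_BLOB = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint(0xC0FFEE_FEED_FACE_BEEF_DEAD_C0DE_CAFE_F00D)
DEMO_LINE = "quatra ssh-rsa " + base64.b64encode(DEMO_BLOB).decode()
```

Note that current OpenSSH hashes host names in known_hosts by default (HashKnownHosts), so finding an entry with fgrep on the host name as in the report no longer works; ssh-keygen -F hostname looks the entry up instead.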