OpenSSH visual host fingerprint representation

With the visual host key fingerprint, users can tell whether they recognize an ssh key by its pattern. When using SSH to connect to other machines, a representation of the key is displayed for review.

OpenSSH 5.1 and later supports visual remote host fingerprinting. The basic concept is that it’s much easier to notice a change in a visual pattern than in a string of hex digits. To activate, add the following line to your ~/.ssh/config file.

VisualHostKey yes

Next, restart ssh to enable the change. This may be done with a command in "gnome-terminal" or other consol client:

service sshd restart

When you go SSH into a server, you'll see a visual representation of the remote host fingerprint, as shown below:



+--[ RSA 2048]----+
|        .        |
|       + .       |
|      . B .      |
|     o * +       |
|    X * S        |
|   + O o . .     |
|    .   E . o    |
|       . . o     |
|        . .      |

In this format, the DSA key may be read and memorized in a meaningful way. Take note if the pattern changes over time.


Follow us socially