Rorschach's Shell
Aug 17, 2016

Ahh randomart.

+---[RSA 2048]----+
|        .        |
|       + .       |
|      . B .      |
|     o * +       |
|    X * S        |
|   + O o . .     |
|    .   E . o    |
|       . . o     |
|        . .      |
+-----------------+

The GitHub randomart always reminds me of a seal…

MariaDB Seal

Hmmmm.

At any rate, SSH randomart is mostly seen only when generating your keypair for the first time. It’s a pretty interesting idea. A visual representation of a key which makes it possible for humans to ID keys at a glance! It’s like having a CA in your brain.

And there’s a very real application for these things in real life! SSH Host keys! When you connect to the host, you have to handshake with the server, the server identifies itself with its public key, and you can randomart it every time!

Just pop into ~/.ssh/config and add:

VisualHostKey=yes

If you’re only on one machine, SSH will definitely let you know if a host key changes, but what about new machines? Randomart gives you a way to usefully remember host keys with your visual memory!

Another example: once I was working in a VM environment where all of the machines were made from the same root image, and they all had the exact same host keys. I noticed this because I had randomart on! I brought it to the attention of the admins, and we got the host keys rotated, and the VM provisioning procedure fixed as a result. That’s a pretty bad vulnerability (prod had the same key as the build server, for example), and there’s no way I ever would’ve noticed if I was just looking at the key fingerprints.
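As an added example (not code from the original post or from OpenSSH), here is a Python sketch of the "drunken bishop" walk that OpenSSH uses to draw randomart, combined with a check for the cloned-image problem described above: hosts that present the same key, and therefore the same picture. The host names, addresses and key blobs are constructed placeholders, and the frame is left plain where OpenSSH prints the key type and size.

```python
import base64
import hashlib
from collections import defaultdict

WIDTH, HEIGHT = 17, 9
SYMBOLS = " .o+=*BOX@%&#/^SE"  # visit count -> glyph; last two mark start and end

def randomart(digest: bytes) -> str:
    """Render a fingerprint digest with the 'drunken bishop' walk."""
    field = [[0] * WIDTH for _ in range(HEIGHT)]
    x, y = WIDTH // 2, HEIGHT // 2
    for byte in digest:
        for _ in range(4):  # four 2-bit diagonal moves per byte, low bits first
            x = min(max(x + (1 if byte & 1 else -1), 0), WIDTH - 1)
            y = min(max(y + (1 if byte & 2 else -1), 0), HEIGHT - 1)
            if field[y][x] < len(SYMBOLS) - 3:  # visit counter saturates at '^'
                field[y][x] += 1
            byte >>= 2
    field[HEIGHT // 2][WIDTH // 2] = len(SYMBOLS) - 2  # 'S' marks the start
    field[y][x] = len(SYMBOLS) - 1  # 'E' marks where the walk ended
    border = "+" + "-" * WIDTH + "+"  # plain frame, no key type label
    rows = ["|" + "".join(SYMBOLS[c] for c in row) + "|" for row in field]
    return "\n".join([border, *rows, border])

def fingerprint(key_b64: str) -> bytes:  # SHA-256 over the decoded key blob
    return hashlib.sha256(base64.b64decode(key_b64)).digest()

def shared_host_keys(known_hosts: str) -> dict:
    """Map fingerprint -> host entries, for keys seen on more than one line."""
    seen = defaultdict(set)
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # skip comments, blanks and marker lines
        seen[fingerprint(parts[2])].add(parts[0])  # aliases on one line count once
    return {fp: sorted(h) for fp, h in seen.items() if len(h) > 1}

# Constructed sample: placeholder bytes, not real host keys or hosts.
GOLDEN = base64.b64encode(b"constructed-golden-image-key").decode()
UNIQUE = base64.b64encode(b"constructed-unique-key").decode()
SAMPLE = (
    f"build.example.test ssh-rsa {GOLDEN}\n"
    f"prod.example.test,10.0.0.5 ssh-rsa {GOLDEN}\n"
    f"git.example.test ssh-rsa {UNIQUE}\n"
)

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE).items():
        print("shared key:", ", ".join(hosts), randomart(fp), sep="\n")
```

`shared_host_keys` reads the `host keytype base64` layout used by a known_hosts file and by `ssh-keyscan` output.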

Now, you need to practice!

GitLab

+---[ECDSA 256]---+
|                 |
|         .       |
|        o .      |
|         + . . E |
|        S o B + .|
|           = @ . |
|          . B *  |
|           + = o |
|          . .  .+|
+-----------------+

Ehm.. This one isn’t very good. I say: The pokémon polygon, sideways.

Bitbucket

+---[RSA 2048]----+
|         oE.     |
|        . o .    |
|       . . .     |
|        .o...    |
|      ..S.+= .   |
|       oo+= +    |
|       ooo . .   |
|        ... .    |
|       ..oo.     |
+-----------------+

This Terrifying Server!

This one is more fun! Run this right now!:

ssh whoami.filippo.io

Experience the randomart, then the fear.

+---[RSA 2048]----+
|    .oE          |
|     +..         |
|    . = .        |
|     = * .       |
|  .   * S .      |
|   + B . o       |
|  . *   + .      |
|       . +       |
|        .        |
+-----------------+

Kind of like a talony bird. Like a peregrine falcon or something..

Which Reminds Me

Add this to your ~/.ssh/config too…

Host *
    UseRoaming=no
