Translated by AI
Note: A Good Habit of Checking Key Fingerprints
Do you enjoy looking at sequences of hexadecimal numbers and comparing them? I certainly don't. If you happen to be an expert at comparing hex strings, this note will likely be of no use to you.
Key Fingerprints
Since you probably use SSH every day, you might have forgotten the very first time you connected to a server. Do you remember? That day you were asked, "The fingerprint of the server you are trying to access is this; are you sure?" and you brainlessly typed yes and hit Enter.
$ ssh example.com
The authenticity of host 'example.com (0.0.0.0)' can't be established.
RSA key fingerprint is HH:HH:HH:HH:HH:HH:HH:HH:HH:HH:HH:HH:HH:HH:HH:HH
Are you sure you want to continue connecting (yes/no)?
If you were truly cautious, you might point your finger at that hex string and verify it about three times, but I think most people don't go that far. Oh, if only there were a way to compare them more easily...
You can
For starters, let's edit your $HOME/.ssh/config. It's a simple job of adding VisualHostKey=yes to the top of the file.
$ ed $HOME/.ssh/config
1i
VisualHostKey=yes
.
wq
With this setting in place, connect to some server via SSH. You will see ASCII art that looks like a framed picture of the stars you see after hitting your head.
+--[ED25519 256]--+
|.o .+. .|
|o.+ . .o |
|o*E o o|
|oo. . o . o|
| .. S. . . o|
|+ . ..*. .o|
|+. +. . *.* . ..|
|..=... ..*.=. . |
|.... ..o.oo o. |
+----[SHA256]-----+
From now on, you don't need to compare hexadecimal strings digit by digit. You can compare them just by looking at this seemingly nonsensical art.
If the appearance changes one day, someone is probably pretending to be the server. Do not connect.
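To show why a different key gives a different picture, here is an added example (not part of the original note and not OpenSSH's own code) that re-implements the "drunken bishop" walk behind the art in Python. The function names and the two sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

# Added illustration; names and sample keys below are constructed, not from the note.
SYMBOLS = " .o+=*BOX@%&#/^SE"   # glyph per visit count; S = start, E = end
WIDTH, HEIGHT = 17, 9

def sha256_fingerprint(pubkey_line):
    """Return (raw digest, 'SHA256:...' string) for an OpenSSH public key line."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return digest, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def randomart(digest, title="[ED25519 256]", hash_name="[SHA256]"):
    """Render a digest as a framed picture using the drunken bishop walk."""
    field = [[0] * WIDTH for _ in range(HEIGHT)]
    x, y = WIDTH // 2, HEIGHT // 2
    for byte in digest:
        for _ in range(4):                      # four 2-bit moves per byte, low bits first
            x = min(max(x + (1 if byte & 1 else -1), 0), WIDTH - 1)
            y = min(max(y + (1 if byte & 2 else -1), 0), HEIGHT - 1)
            if field[y][x] < len(SYMBOLS) - 3:  # cap the count below the S/E glyphs
                field[y][x] += 1
            byte >>= 2
    field[HEIGHT // 2][WIDTH // 2] = len(SYMBOLS) - 2   # mark start with 'S'
    field[y][x] = len(SYMBOLS) - 1                      # mark end with 'E'

    def border(label):
        left = (WIDTH - len(label)) // 2
        return "+" + "-" * left + label + "-" * (WIDTH - left - len(label)) + "+"

    rows = ["|" + "".join(SYMBOLS[c] for c in row) + "|" for row in field]
    return "\n".join([border(title), *rows, border(hash_name)])

def constructed_key(seed):
    """Constructed sample: an ssh-ed25519 public key line with filler key bytes."""
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    for seed in (0, 1):   # two different keys give two different pictures
        digest, fp = sha256_fingerprint(constructed_key(seed))
        print(fp)
        print(randomart(digest))
```

The picture is drawn from the same SHA256 digest that ssh prints as the fingerprint, so a changed picture means a changed key. Two pictures that merely look similar still deserve a second look at the fingerprint string itself.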
The End
That's it.