[*]
The randomart is meant to be an easier way for humans to validate keys.
Validation is normally done by a comparison of meaningless strings (i.e. the hexadecimal representation of the key fingerprint), which humans are pretty slow and inaccurate at comparing. Randomart replaces this with structured images that are faster and easier to compare.
The paper “Hash Visualization: a New Technique to improve Real-World Security”, Perrig A. and Song D., 1999, International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC ’99), explains some techniques and advantages.
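To make the fingerprint-to-picture step concrete, here is an added example (not part of any answer on this page and not OpenSSH's own code): a Python sketch of the "drunken bishop" walk that is commonly described as the basis of the randomart picture. The 17x9 field, the symbol ramp, the border and the sample key blobs are assumptions made for this illustration.

```python
import hashlib

# Assumed parameters (not from the page): field size and symbol ramp as in
# commonly published descriptions of the "drunken bishop" walk.
WIDTH, HEIGHT = 17, 9
SYMBOLS = " .o+=*BOX@%&#/^SE"


def randomart(digest: bytes) -> list:
    """Return the picture rows (no border) for a fingerprint digest."""
    field = [[0] * WIDTH for _ in range(HEIGHT)]
    x, y = WIDTH // 2, HEIGHT // 2
    start = (x, y)
    cap = len(SYMBOLS) - 3              # highest ordinary visit counter ('^')
    for byte in digest:
        for _ in range(4):              # four 2-bit moves per byte, low bits first
            x += 1 if byte & 1 else -1  # bit 0: right or left
            y += 1 if byte & 2 else -1  # bit 1: down or up
            x = min(max(x, 0), WIDTH - 1)   # a wall blocks that axis only
            y = min(max(y, 0), HEIGHT - 1)
            if field[y][x] < cap:
                field[y][x] += 1
            byte >>= 2
    field[start[1]][start[0]] = len(SYMBOLS) - 2   # 'S' marks the start cell
    field[y][x] = len(SYMBOLS) - 1                 # 'E' marks the end cell
    return ["".join(SYMBOLS[v] for v in row) for row in field]


def framed(rows: list) -> str:
    """Add a plain border so two pictures can be compared by eye."""
    edge = "+" + "-" * WIDTH + "+"
    return "\n".join([edge] + ["|" + r + "|" for r in rows] + [edge])


if __name__ == "__main__":
    # Constructed sample "host keys": they differ in a single character.
    for blob in (b"constructed-host-key-A", b"constructed-host-key-B"):
        digest = hashlib.sha256(blob).digest()
        print(digest.hex()[:32] + "...")
        print(framed(randomart(digest)))
```

Running it prints two hex prefixes and two pictures; the point of the comparison is how much easier the pictures are to tell apart than the hex strings.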
[*]
Add -o VisualHostKey=yes to your command line, or put VisualHostKey=yes in your ~/.ssh/config.
You’ll see the randomart of the box you are logging onto. If you log on one day and the random art is different (your brain should go Hey! I don’t recognise that!), then maybe someone is hacking, or something.
The idea is that you don’t consciously need to do it. One of the keys for one of our machines kinda looks like a butterfly. Another one kinda looks like a dick (yes, our brains are primitive). If you log on every day, you get accustomed to the images without even trying.
[*]
Official announcement: OpenSSH 5.1 released
Introduce experimental SSH Fingerprint
ASCII Visualisation to ssh(1) and
ssh-keygen(1). Visual fingerprint
display is controlled by a new
ssh_config(5) option “VisualHostKey”.
The intent is to render SSH host keys
in a visual form that is amenable to
easy recall and rejection of changed
host keys. This technique inspired by
the graphical hash visualisation
schemes known as “random art[*]”, and
by Dan Kaminsky’s musings at 23C3 in
Berlin.

Fingerprint visualisation in is
currently disabled by default, as the
algorithm used to generate the random
art is still subject to change.
[*]