https://superuser.com/questions/22535/what-is-randomart-produced-by-ssh-keygen

What is randomart produced by ssh-keygen?

Asked 11 years, 8 months ago. Active 5 years, 3 months ago. Viewed 113k times.

401

When you generate a key, you get "randomart" from newer versions of OpenSSH. I am unable to find an explanation of why, and what I'm supposed to use it for.

    Generating public/private rsa key pair.
    The key fingerprint is:
    05:1e:1e:c1:ac:b9:d1:1c:6a:60:ce:0f:77:6c:78:47 you@i
    The key's randomart image is:
    +--[ RSA 2048]----+
    |       o=.       |
    |    o  o++E      |
    |   + . Ooo.      |
    |    + O B..      |
    |     = *S.       |
    |      o          |
    |                 |
    |                 |
    |                 |
    +-----------------+

    Generating public/private dsa key pair.
    The key fingerprint is:
    b6:dd:b7:1f:bc:25:31:d3:12:f4:92:1c:0b:93:5f:4b you@i
    The key's randomart image is:
    +--[ DSA 1024]----+
    |            o.o  |
    |            .= E.|
    |             .B.o|
    |              .= |
    |        S     = .|
    |       . o .  .= |
    |        . . . oo.|
    |             . o+|
    |              .o.|
    +-----------------+

Tags: ssh cryptography

asked Aug 13 '09 at 22:37 by dlamblin

Comments:

* 2 You can find an in-depth analysis of the VisualHostKey randomart in the short paper The Drunken Bishop. - loomi Sep 4 '12 at 11:35
* 7 Another question I would like to ask is: is it safe to share your randomart image with others? In other words, given a randomart image such as the above, is it possible to reverse-engineer this back to the key? - AndyJ0076 Mar 24 '19 at 3:36
* 1 @AndyJ0076 randomart is a visualisation of the PUBLIC key's fingerprint, so it is safe :-) - opyate Jul 3 '20 at 20:05
* I was wondering what the key pair should be to see the Mona Lisa - Shadi Namrouti Dec 27 '20 at 7:27

4 Answers

291

The randomart is meant to be an easier way for humans to validate keys.

Validation is normally done by a comparison of meaningless strings (i.e. the hexadecimal representation of the key fingerprint), which humans are pretty slow and inaccurate at comparing. Randomart replaces this with structured images that are faster and easier to compare.

This paper, "Hash Visualization: a New Technique to improve Real-World Security", Perrig A. and Song D., 1999, International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99), explains some techniques and advantages.

answered Aug 13 '09 at 22:47 by mark, edited May 17 '12 at 10:23 by mykhal

Comments:

* 77 If you could just explain why humans validate keys, that could help, because frankly I tend to just put my public key in my authorized_keys file and be done with it. - dlamblin Sep 6 '09 at 5:10
* 50 @dlamblin: You generally would not verify your own keys with this. It would, however, be useful for verifying the host key of a remote machine. One idea is that if you log in to a particular machine from various locations (or you do not save its key into your known_hosts file), you will be able to recognize the "art" of the host's key. If that art suddenly changed you should be wary of typing in your password because it might mean that a man-in-the-middle attack is in progress on your connection (or it might mean that the host has just changed its keys for some other reason). - Chris Johnsen Oct 27 '09 at 5:43
* 39 Uhm, when could I see the host's art? (I think I never did.) I only saw such an image after generating my key pair. And to what would I have to compare it to recognize 'sudden' change? - DerMike Feb 9 '11 at 10:15
* 14 I'd wager the randomart adheres to a similar principle as hashes for integrity checks, namely: a small difference in the input generates a wildly different output. That would mean you would just have to memorize the rough shape of the expected randomart to be able to notice something is amiss. Of course this doesn't work in practice when SSH et al don't show you the randomart of the host you're connecting to (they should do so even when the host is known). - Alan Plum Feb 25 '11 at 16:22
* 3 9 years later (I'm old) I have too many different hosts I connect to. Recognizing a change is unlikely. - dlamblin Jan 22 '18 at 7:12

227

Add -o VisualHostKey=yes to your command line, or put VisualHostKey=yes in your ~/.ssh/config.

You'll see the randomart of the box you are logging onto. If you log on one day and the random art is different (your brain should go Hey! I don't recognise that!), then maybe someone is hacking, or something.

The idea is that you don't consciously need to do it. One of the keys for one of our machines kinda looks like a butterfly. Another one kinda looks like a dick (yes, our brains are primitive). If you log on every day, you get accustomed to the images without even trying.

answered Jan 5 '12 at 0:49 by Paul Murray, edited Jan 5 '12 at 11:00 by slhck

Comments:

* 9 Not great. If you've logged in before, much better for the computer to do the recognition for you using a stored fingerprint. The feature's only meant to be used for logging into new machines. - Nicholas Wilson May 21 '12 at 13:55
* 62 Way late to this answer, but it's worth pointing out that this would be immensely useful if you were logging in from a different machine that didn't have all of your known_hosts. In that case, the computer wouldn't be able to verify that it's known, but the user should be able to see "That looks way different than normal!" and abort. - Xkeeper Oct 3 '12 at 19:56
* 11 Letting your computer do the recognition is vulnerable to your own computer's known hosts being hacked. Much like you shouldn't let your computer enter passwords for you, you would be better off validating the host's key yourself. - Marko Topolnik May 25 '15 at 17:54
* 2 @MarkoTopolnik: if you can't trust your own local machine that you're connecting from, you shouldn't be using that machine to do anything, much less using SSH. For all you know, the ssh executable itself might've been replaced with a sinister version. - Lie Ryan Dec 11 '19 at 3:58
* @LieRyan good point, how do we protect against that? Since I'm unable to decipher the bits manually we'd need some tools that fail "when tampered with". Do you have insight how we could spot this? To spot when someone is using hacked firmware/hardware from government involvement? - paul23 Jun 19 '20 at 12:34

40

Official announcement: OpenSSH 5.1 released

> Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1) and ssh-keygen(1). Visual fingerprint display is controlled by a new ssh_config(5) option "VisualHostKey". The intent is to render SSH host keys in a visual form that is amenable to easy recall and rejection of changed host keys. This technique inspired by the graphical hash visualisation schemes known as "random art[*]", and by Dan Kaminsky's musings at 23C3 in Berlin. Fingerprint visualisation in is currently disabled by default, as the algorithm used to generate the random art is still subject to change.

answered Aug 13 '09 at 22:48 by Nick, edited Aug 13 '09 at 22:56

Comments:

* 11 That last sentence is, indeed, worth knowing. OpenBSD Journal @ Undeadly.org info about OpenSSH 6.8 release states, "Please note that visual host keys will also be different." Newer software shows different images than the images shown by the older software. - TOOGAM Dec 28 '15 at 7:29

24

The Randomart displayed after the ssh-keygen generation is a graphic representation of the key you have just generated.

Then:

* the Randomart is not really useful for the user who generated the ssh-key
* the Randomart can be very useful for a user using a connection via SSH to connect often to the same server: if he added the "-o VisualHostKey=yes" option to his SSH command:

      ssh user@domainname.com -o VisualHostKey=yes

  the Randomart corresponding to the public key of the server will be displayed. To see an example, you can try:

      ssh git@github.com -o VisualHostKey=yes

In the case where the user often connects to the same server, then he can quickly and easily check if he recognizes the Randomart corresponding to the public-key of this server or not. Which is easier and faster than checking the string of characters of the public-key itself!

answered May 4 '15 at 13:30 by tmangin

Comments:

* You can also add it in your ssh/config file VisualHostKey=yes - this is where I found that information safematix.com/system/linux/ssh-visualhostkey - nycynik Mar 4 '20 at 17:29
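
Added example, not part of the thread and not OpenSSH's own source: a Python rendering of the "Drunken Bishop" walk named in the comments on the question, using the older MD5-fingerprint layout shown there. Run on the two fingerprints from the question it reproduces both images; the function names are this example's own.

```python
# Added example (not OpenSSH source): the "Drunken Bishop" walk that turns a
# key fingerprint into randomart. Function names are this example's own.
WIDTH, HEIGHT = 17, 9
SYMBOLS = " .o+=*BOX@%&#/^SE"  # glyph per visit count; 'S' = start, 'E' = end

# The two MD5 fingerprints shown in the question above.
RSA_FP = "05:1e:1e:c1:ac:b9:d1:1c:6a:60:ce:0f:77:6c:78:47"
DSA_FP = "b6:dd:b7:1f:bc:25:31:d3:12:f4:92:1c:0b:93:5f:4b"


def parse_fingerprint(text):
    """Convert colon-separated hex ('05:1e:...') to 16 raw bytes."""
    parts = text.strip().split(":")
    if len(parts) != 16 or any(len(p) != 2 for p in parts):
        raise ValueError("expected 16 colon-separated hex bytes")
    return b"".join(bytes.fromhex(p) for p in parts)


def randomart(digest, kind, bits):
    """Render digest bytes as a bordered 17x9 randomart image."""
    field = [[0] * WIDTH for _ in range(HEIGHT)]
    x, y = WIDTH // 2, HEIGHT // 2            # bishop starts in the centre
    for byte in digest:
        for _ in range(4):                    # four 2-bit moves, low bits first
            x += 1 if byte & 0x1 else -1      # bit 0: right or left
            y += 1 if byte & 0x2 else -1      # bit 1: down or up
            x = max(0, min(x, WIDTH - 1))     # walls clamp the move
            y = max(0, min(y, HEIGHT - 1))
            if field[y][x] < len(SYMBOLS) - 3:  # counts stop below 'S'/'E'
                field[y][x] += 1
            byte >>= 2
    field[HEIGHT // 2][WIDTH // 2] = len(SYMBOLS) - 2   # mark start 'S'
    field[y][x] = len(SYMBOLS) - 1                      # mark end 'E'
    top = "+" + ("--[%4s %4d]" % (kind, bits)).ljust(WIDTH, "-") + "+"
    rows = ["|" + "".join(SYMBOLS[c] for c in row) + "|" for row in field]
    return "\n".join([top] + rows + ["+" + "-" * WIDTH + "+"])


if __name__ == "__main__":
    print(randomart(parse_fingerprint(RSA_FP), "RSA", 2048))
    print(randomart(parse_fingerprint(DSA_FP), "DSA", 1024))
    # Constructed input: one flipped bit in the first byte redraws the image.
    flipped = bytes([0x04]) + parse_fingerprint(RSA_FP)[1:]
    print(randomart(flipped, "RSA", 2048))
```

Every 2-bit pair of the fingerprint steers one diagonal step, so a changed host key produces a visibly different picture rather than a near-identical one.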