Proofreading: hostkey updating message

Moderator: boris


Yutaka Hirata
TeraTerm Developer

Posts:
609
Joined: Wed Jan 12, 2005 2:35 pm
by Yutaka Hirata » Fri May 08, 2015 3:42 pm
Hi everyone,

OpenSSH 6.8 supports the hostkey rotation feature. The details are at the site below.

http://www.openssh.com/txt/release-6.8

However, Tera Term cannot connect to the server because Tera Term (TTSSH)
does not support this feature. So, an error dialog will be shown on connection.

Fortunately, I have already implemented this feature in the latest repository.
I have uploaded the archive below, which supports the feature.

http://ttssh2.sourceforge.jp/snapshot/snapshot-20150507.zip

The above Tera Term will show a confirmation message when a user connects to the
remote server because the ssh_known_hosts file is updated to the latest hostkeys.
So, I made the confirmation message below in English. Would you please correct
this sentence if the message contains any mistakes?
I am looking forward to hearing from you.

Are you sure you want to accept updated hostkeys?

A user has been received complete hostkeys from a remote server.
Your known_hosts file can be updated to the latest public hostkeys
because the file does not contain in the following keys:
Best regards, Yutaka Hirata
(yutakakn at gmail.com)
http://hp.vector.co.jp/authors/VA013320/
boris
Moderator, LogMeTT and TTLEditor developer

Posts:
1618
Joined: Sat Jan 08, 2005 2:52 pm
by boris » Sat May 09, 2015 3:23 am
Hi Yutaka,

My understanding is that you are adding a new warning similar to the one shown in the attached image. If so, the best practice is to keep consistency in appearance and verbiage. I'd suggest the following message:

Remote server "SERVER_NAME_OR_IP" sent the set of host keys which are absent in your list of known hosts. The machine you have contacted may be a hostile machine pretending to be the server, or legitimate server supporting host key rotation.

If you choose to add all keys from this machine to the known hosts list and continue, then you will not receive this warning again.

And checkbox label at the bottom should read:
Add this machine and its keys to the known hosts list
Make sure there is an 's' at the end of the word keys in the check box label.

Optionally you can show the number of keys sent by the server. For example:
Add this machine and its 5 keys to the known hosts list

Attachments

ssh_warn.png (27 KiB)
Thanks.
Best regards,
Boris
by Yutaka Hirata » Sat May 09, 2015 9:36 am
Hi Boris,

Thank you for your quick response.
I just modified the dialog message based on your opinions.
The message is described as follows:

Remote server "192.168.3.11" sent the set of host keys which are absent in your list of known hosts.
The machine you have contacted may be a hostile machine pretending to be the server, or legitimate server supporting host key rotation.

If you approve to add 3 latest keys and remove 1 osbolete keys from this machine to the known hosts list and continue, then you will not receive this warning again.

3 latest keys:
ssh-rsa a1:02:00:ea:ca:f9:b2:72:89:a8:c0:53:e8:eb:38:fb
ssh-dss b4:5c:f6:52:e6:42:c6:ce:78:45:33:9e:73:ff:cb:e5
ssh-ed25519 8e:f8:94:70:6c:b1:14:78:45:f6:91:00:45:88:d9:ab


Please review this and let me know if you have any comments.

Attachments

key_rotation_message.PNG (18.83 KiB)
Best regards, Yutaka Hirata
(yutakakn at gmail.com)
http://hp.vector.co.jp/authors/VA013320/
by boris » Sat May 09, 2015 3:44 pm
Hi Yutaka,

Overall it looks good. I just have a few comments.

  • Instead of "If you approve to add"... I'd say "If you choose to add"...

  • "remove 1 obsolete keys" is grammatically incorrect. If you are removing only 1 key you should use singular form - "key", if more than 1 key then plural form "keys". If you don't know ahead what will be the number, you can take one of 2 approaches:

    1) Analyze the number being displayed and append "s" to the end of the word "key" if the number is >1. I use this approach in LogMeTT when showing the number of IPs, or the number of days, hours, minutes and seconds in machine uptime.
    2) A simpler way is to use the word "key(s)" - showing "s" in parentheses is a commonly accepted way to cover both cases.

  • I cannot read Japanese, but it looks like you use buttons 'Yes' and 'No' in this dialog, while there is no question in this popup. Again, there are 2 ways to fix this:

    1) Before starting to work on the new version of LogMeTT I read about best practices of building dialog boxes. 99.9% of users do not read the message body but look at the button labels. That's why the recommended way is to alter the text of the buttons and make it more meaningful. If you follow this recommendation the buttons should be called "Save new key(s) permanently" and "Do not save new key(s)".
    2) The above method requires altering the default dialog box, which needs some additional effort. Another simpler way is to add the question right above the buttons. The question should be separated by an empty line from the previous text. It can be "Do you want to update known hosts file with new key(s) ?" Then the buttons "Yes" and "No" become meaningful answers to this question.
Thanks.
Best regards,
Boris
by Yutaka Hirata » Sun May 10, 2015 3:44 pm
Hi Boris,

Thank you for the feedback.
I modified the message dialog as follows:

---------------------------
TTSSH: SECURITY WARNING
---------------------------
Remote server "192.168.3.11" sent the set of host keys which are absent in your list of known hosts.
The machine you have contacted may be a hostile machine pretending to be the server, or legitimate server supporting host key rotation.

If you choose to add 3 latest key(s) and remove 1 obsolete key(s) from this machine to the known hosts list and continue, then you will not receive this warning again.

Do you want to update known hosts file with new key(s)?

3 latest key(s):
ssh-rsa a1:02:00:ea:ca:f9:b2:72:89:a8:c0:53:e8:eb:38:fb
ssh-dss b4:5c:f6:52:e6:42:c6:ce:78:45:33:9e:73:ff:cb:e5
ssh-ed25519 8e:f8:94:70:6c:b1:14:78:45:f6:91:00:45:88:d9:ab

1 obsolete key(s):
ecdsa-sha2-nistp256 9c:dc:38:20:fb:13:e9:d7:a7:60:a1:42:ee:4b:55:7d

---------------------------
はい(Y) いいえ(N)
---------------------------


The above message includes Japanese words because my test program
is running on the Japanese version of Windows. The message output is
implemented by using the MessageBox API, so the output will be shown
according to the Windows locale.

Attachments

key_rotation_message2.PNG (23.15 KiB)
Best regards, Yutaka Hirata
(yutakakn at gmail.com)
http://hp.vector.co.jp/authors/VA013320/
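
The comparison behind the final dialog, as an added example that is not part of the original posts and not taken from TTSSH's source: it diffs the keys a server offers against the keys already in known_hosts and builds the prompt with the pluralization rule boris describes as approach 1. The `hostkey` struct, the function names and the message wording are assumptions; the sample fingerprints are the ones posted in the thread.

```c
#include <stdio.h>
#include <string.h>

struct hostkey { const char *type, *fp; };   /* algorithm name + fingerprint */
/* Sample input: the fingerprints posted in the thread above. */
static const struct hostkey offered[] = {
    {"ssh-rsa",     "a1:02:00:ea:ca:f9:b2:72:89:a8:c0:53:e8:eb:38:fb"},
    {"ssh-dss",     "b4:5c:f6:52:e6:42:c6:ce:78:45:33:9e:73:ff:cb:e5"},
    {"ssh-ed25519", "8e:f8:94:70:6c:b1:14:78:45:f6:91:00:45:88:d9:ab"} };
static const struct hostkey known[] = {
    {"ecdsa-sha2-nistp256", "9c:dc:38:20:fb:13:e9:d7:a7:60:a1:42:ee:4b:55:7d"} };

/* Count the keys in a[] that are absent from b[]; list them in out. */
int diff_keys(const struct hostkey *a, int na, const struct hostkey *b, int nb,
              char *out, size_t len)
{
    int count = 0;
    out[0] = '\0';
    for (int i = 0; i < na; i++) {
        int found = 0;
        for (int j = 0; j < nb && !found; j++)
            found = !strcmp(a[i].type, b[j].type) && !strcmp(a[i].fp, b[j].fp);
        if (found) continue;
        snprintf(out + strlen(out), len - strlen(out), "%s %s\n", a[i].type, a[i].fp);
        count++;
    }
    return count;
}

/* Approach 1 from the thread: append "s" only when the number is > 1. */
const char *plural(int n) { return n > 1 ? "s" : ""; }

/* Fill buf with the prompt; return 0 and leave it empty if nothing changed. */
int build_prompt(char *buf, size_t len, const char *host,
    const struct hostkey *off, int no, const struct hostkey *kn, int nk)
{
    char add[512], del[512];
    int nadd = diff_keys(off, no, kn, nk, add, sizeof add);
    int ndel = diff_keys(kn, nk, off, no, del, sizeof del);
    if (nadd + ndel == 0) { buf[0] = '\0'; return 0; }   /* no dialog needed */
    snprintf(buf, len, "Remote server \"%s\" sent host keys that differ from "
        "your known hosts list.\n\n%d latest key%s:\n%s\n%d obsolete key%s:\n%s",
        host, nadd, plural(nadd), add, ndel, plural(ndel), del);
    return nadd + ndel;
}

int main(void) {
    char msg[2048];
    return build_prompt(msg, 2048, "192.168.3.11", offered, 3, known, 1) && puts(msg) == EOF;
}
```

With the thread's sample keys this prints "3 latest keys:" and "1 obsolete key:", and a server that offers exactly the known set produces no prompt at all.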
by boris » Sun May 10, 2015 7:50 pm
Yes, this looks good. Thanks!!