  1. MINA SSHD
  2. SSHD-586

openssh compliant public key fingerprint


Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.1.0
    • 1.1.0
    • None

    Description

      Hello,

      apache-sshd always assumes the fingerprint is a ':'-separated hex string.

      The openssh public key fingerprint differs; here are some examples:
      $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub
      2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost (RSA)
      $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub
      2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA)
      $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub
      2048 SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw alonbl@localhost (RSA)

      $ ssh root@10.35.0.71
      The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established.
      ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA.
      Are you sure you want to continue connecting (yes/no)?

      Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f is considered md5.
      New format with digest: prefix for md5 keeps the hex string.
      Any other digest will have a base64-encoded digest value.

      It would be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) complied with the above, so the fingerprint can be presented to the user and the user can compare it visually to the expected value.


            People

              Unassigned Unassigned
              alonbl Alon Bar-Lev
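The fingerprint formats listed in the description, as an added Java example (not MINA SSHD's code and not part of the original report): it formats a digest of the public key blob the way ssh-keygen -l prints it, and checks a user-supplied fingerprint, treating the old un-prefixed hex form as MD5. The class name OpenSshFingerprint, the methods fingerprint and matches, and the all-zero ed25519 key blob are assumptions constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Locale;

public class OpenSshFingerprint {
    // Fingerprint of a public key blob (the base64-decoded field of a .pub line).
    // label is the OpenSSH digest name: MD5, SHA1, SHA256, SHA512, ...
    static String fingerprint(String label, byte[] blob) throws NoSuchAlgorithmException {
        String up = label.toUpperCase(Locale.ROOT);
        String jca = up.startsWith("SHA") ? "SHA-" + up.substring(3) : up; // JCA name
        byte[] d = MessageDigest.getInstance(jca).digest(blob);
        if (up.equals("MD5")) { // MD5 keeps the ':'-separated hex string
            StringBuilder sb = new StringBuilder("MD5");
            for (byte b : d) sb.append(':').append(String.format("%02x", b & 0xff));
            return sb.toString();
        }
        // Any other digest: base64 of the digest value, '=' padding dropped
        return up + ":" + Base64.getEncoder().withoutPadding().encodeToString(d);
    }

    // Check a user-supplied fingerprint; the old un-prefixed hex form is taken as MD5.
    static boolean matches(String expected, byte[] blob) throws NoSuchAlgorithmException {
        String e = expected.trim();
        if (e.matches("(?i)([0-9a-f]{2}:){15}[0-9a-f]{2}")) e = "MD5:" + e;
        int sep = e.indexOf(':');
        if (sep <= 0) return false; // no digest label
        String label = e.substring(0, sep).toUpperCase(Locale.ROOT);
        String given = label + e.substring(sep);
        String actual = fingerprint(label, blob);
        // Hex digits compare case-insensitively; base64 is case-sensitive.
        return label.equals("MD5") ? actual.equalsIgnoreCase(given) : actual.equals(given);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: ssh-ed25519 wire blob carrying a dummy all-zero key.
        byte[] type = "ssh-ed25519".getBytes(StandardCharsets.US_ASCII);
        byte[] blob = ByteBuffer.allocate(4 + type.length + 4 + 32)
                .putInt(type.length).put(type).putInt(32).put(new byte[32]).array();
        String md5 = fingerprint("md5", blob);
        System.out.println(md5);
        System.out.println(fingerprint("sha256", blob));
        System.out.println(matches(md5.substring(4), blob)); // legacy form, no prefix
    }
}
```

A digest label the JVM does not know surfaces as NoSuchAlgorithmException rather than a silent mismatch, so a caller can tell "wrong key" apart from "unsupported fingerprint type".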