You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Richard Lancaster <ri...@osirium.com> on 2020/02/07 15:21:05 UTC
SSH Host Verification via Fingerprint
PuTTY supports SSH host verification via host key fingerprints (see '-hostkey' https://the.earth.li/~sgtatham/putty/0.73/htmldoc/Chapter3.html#using-cmdline).
Is Guacamole able to do the same?
I know it's able to take openssh known_host entries via the option 'host-key', but those don't appear to support fingerprints.
Hoping someone might have advice.
Richard
Re: SSH Host Verification via Fingerprint
Posted by Nick Couchman <vn...@apache.org>.
On Fri, Feb 7, 2020 at 10:21 AM Richard Lancaster <
richard.lancaster@osirium.com> wrote:
> PuTTY supports SSH host verification via host key fingerprints (see
> '-hostkey'
> https://the.earth.li/~sgtatham/putty/0.73/htmldoc/Chapter3.html#using-cmdline
> ).
>
> Is Guacamole able to do the same?
>
> I know it's able to take openssh known_host entries via the option
> 'host-key', but those don't appear to support fingerprints.
>
>
No, it requires a known-hosts format entry. After reading up on the
fingerprints, it looks like those are only MD5 or SHA1, both of which are
subject to hash collisions, so I'm not sure it's desirable to rely on those
for identifying a SSH host. Is there some requirement you have for using
fingerprints over known-hosts entries?
-Nick