You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@guacamole.apache.org by Richard Lancaster <ri...@osirium.com> on 2020/02/07 15:21:05 UTC

SSH Host Verification via Fingerprint

PuTTY supports SSH host verification via host key fingerprints (see '-hostkey' https://the.earth.li/~sgtatham/putty/0.73/htmldoc/Chapter3.html#using-cmdline).

Is Guacamole able to do the same?

I know it's able to take openssh known_host entries via the option 'host-key', but those don't appear to support fingerprints.

Hoping someone might have advice.

Richard

Re: SSH Host Verification via Fingerprint

Posted by Nick Couchman <vn...@apache.org>.

On Fri, Feb 7, 2020 at 10:21 AM Richard Lancaster <
richard.lancaster@osirium.com> wrote:

> PuTTY supports SSH host verification via host key fingerprints (see
> '-hostkey'
> https://the.earth.li/~sgtatham/putty/0.73/htmldoc/Chapter3.html#using-cmdline
> ).
>
> Is Guacamole able to do the same?
>
> I know it's able to take openssh known_host entries via the option
> 'host-key', but those don't appear to support fingerprints.
>
>
No, it requires a known-hosts format entry.  After reading up on the
fingerprints, it looks like those are only MD5 or SHA1, both of which are
subject to hash collisions, so I'm not sure it's desirable to rely on those
for identifying a SSH host.  Is there some requirement you have for using
fingerprints over known-hosts entries?

-Nick