You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Alon Bar-Lev (JIRA)" <ji...@apache.org> on 2015/11/15 12:24:11 UTC

[jira] [Created] (SSHD-586) openssh compliant public key fingerprint

Alon Bar-Lev created SSHD-586:
---------------------------------

             Summary: openssh compliant public key fingerprint
                 Key: SSHD-586
                 URL: https://issues.apache.org/jira/browse/SSHD-586
             Project: MINA SSHD
          Issue Type: Improvement
    Affects Versions: 1.1.0
            Reporter: Alon Bar-Lev


Hello,

The apache-sshd always assumes fingerprint as hex string ':' separated.

While openssh public key fingerprint differs, here are some examples:
$ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub 
2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost (RSA)
$ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub 
2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA)
$ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub 
2048 SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw alonbl@localhost (RSA)

$ ssh root@10.35.0.71
The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established.
ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA.
Are you sure you want to continue connecting (yes/no)? 

Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f is considered md5.
New format with digest: prefix for md5 keeps the hex string.
Any other digest will have base64 encoded digest value.

It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will comply with the above, so fingerprint can be presented to user and user will be able to compare it visually to expected value.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)