[jira] [Resolved] (SSHD-586) openssh compliant public key fingerprint

["Goldstein Lyor (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Goldstein Lyor resolved SSHD-586.
---------------------------------
       Resolution: Fixed
    Fix Version/s: 1.1.0

> openssh compliant public key fingerprint
> ----------------------------------------
>
>                 Key: SSHD-586
>                 URL: https://issues.apache.org/jira/browse/SSHD-586
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 1.1.0
>            Reporter: Alon Bar-Lev
>            Priority: Minor
>             Fix For: 1.1.0
>
>
> Hello,
> The apache-sshd always assumes fingerprint as hex string ':' separated.
> While openssh public key fingerprint differs, here are some examples:
> $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub 
> 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost (RSA)
> $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub 
> 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA)
> $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub 
> 2048 SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw alonbl@localhost (RSA)
> $ ssh root@10.35.0.71
> The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established.
> ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA.
> Are you sure you want to continue connecting (yes/no)? 
> Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f is considered md5.
> New format with digest: prefix for md5 keeps the hex string.
> Any other digest will have base64 encoded digest value.
> It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will comply with the above, so fingerprint can be presented to user and user will be able to compare it visually to expected value.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)