[jira] [Commented] (SSHD-586) openssh compliant public key fingerprint

Sun, 22 Nov 2015 13:53:45 -0800 

    [ 
https://issues.apache.org/jira/browse/SSHD-586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15021205#comment-15021205
 ] 

ASF GitHub Bot commented on SSHD-586:
-------------------------------------

GitHub user alonbl opened a pull request:

    https://github.com/apache/mina-sshd/pull/19

    [SSHD-586] OpenSSH compliant public key fingerprint

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/alonbl/mina-sshd fingerprint

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/mina-sshd/pull/19.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #19
    
----
commit 1d4f04ca8fe6d3e9de7d50cc5325f4d945baf752
Author: Alon Bar-Lev <[email protected]>
Date:   2015-11-22T18:50:18Z

    [SSHD-586] OpenSSH compliant public key fingerprint
    
    Signed-off-by: Alon Bar-Lev <[email protected]>

----


> openssh compliant public key fingerprint
> ----------------------------------------
>
>                 Key: SSHD-586
>                 URL: https://issues.apache.org/jira/browse/SSHD-586
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 1.1.0
>            Reporter: Alon Bar-Lev
>            Priority: Minor
>
> Hello,
> The apache-sshd always assumes fingerprint as hex string ':' separated.
> While openssh public key fingerprint differs, here are some examples:
> $ ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub 
> 2048 MD5:1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f alonbl@localhost 
> (RSA)
> $ ssh-keygen -l -E sha1 -f ~/.ssh/id_rsa.pub 
> 2048 SHA1:aKxMeaFsKNkuHurHCTZ1scdJ7Pc alonbl@localhost (RSA)
> $ ssh-keygen -l -E sha512 -f ~/.ssh/id_rsa.pub 
> 2048 
> SHA512:U4X0Iw3sF+2Hgc0Y78R/6uUw/goG9X2SPFEmsG4yW/EkDFNJtzRMX4/jUawmQMSWSaQdnv3yOO4AItNgLgePdw
>  alonbl@localhost (RSA)
> $ ssh [email protected]
> The authenticity of host '10.35.0.71 (10.35.0.71)' can't be established.
> ECDSA key fingerprint is SHA256:G2GAthRObSnT13jBb7bKl2P0Tf8ucuEqXaYJOdfqHUA.
> Are you sure you want to continue connecting (yes/no)? 
> Old format without a prefix: 1f:b0:db:4b:48:6d:e2:0c:9e:18:a6:88:c9:be:f9:5f 
> is considered md5.
> New format with digest: prefix for md5 keeps the hex string.
> Any other digest will have base64 encoded digest value.
> It will be nice if KeyUtils.getFingerPrint(Digest d, PublicKey key) will 
> comply with the above, so fingerprint can be presented to user and user will 
> be able to compare it visually to expected value.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to