[Bug 2332] New: Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
bugzilla-daemon at mindrot.org
Thu Jan 8 05:16:21 AEDT 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2332
Bug ID: 2332
Summary: Show more secure fingerprints than MD5 (e.g. SHA256)
in ssh and ssh-keygen
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: kolAflash at kolahilft.de
When connecting to a server the first time, the only information you
get about the server's public key fingerprint is in MD5.
As far as I know, MD5 is pretty much broken for security purposes.
Guess it would be wise to additionally (not exclusively) display a
more secure fingerprint. Probably SHA256 or SHA512 would be great.
Via a command-line option, ssh could also display the full key (which
isn't that long, especially for ed25519).
ssh-keygen -l -f key-file.pub
Also needs to be able to show a better hash function.
--
This is the only way I currently know to calculate a SHA256
fingerprint from the shell:
  openssl pkcs8 -in /etc/ssh/ssh_host_rsa_key.pub -nocrypt -topk8 \
    -outform DER | openssl sha256 -c
--
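
Added example (not part of the original report and not OpenSSH code): computing both fingerprint styles from a one-line OpenSSH public key, where the MD5 form is colon-separated hex and the SHA256 form is the unpadded base64 that current OpenSSH releases print. The function names are hypothetical and the sample key is constructed from the bytes 0..31, not a real host key.

```python
import base64
import hashlib
import struct


def make_pubkey_line(raw_key: bytes, comment: str = "constructed@example") -> str:
    """Build an ssh-ed25519 public key line from 32 raw bytes (sample input only)."""
    ktype = b"ssh-ed25519"
    blob = (struct.pack(">I", len(ktype)) + ktype
            + struct.pack(">I", len(raw_key)) + raw_key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


def key_blob(pubkey_line: str) -> bytes:
    """Decode the base64 blob and check its embedded type matches the declared one."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type in blob does not match declared type")
    return blob


def fingerprints(pubkey_line: str) -> dict:
    """Return the MD5 (hex, colon-separated) and SHA256 (unpadded base64) fingerprints."""
    blob = key_blob(pubkey_line)
    md5_hex = hashlib.md5(blob).hexdigest()
    sha = hashlib.sha256(blob).digest()
    return {
        "md5": "MD5:" + ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + base64.b64encode(sha).decode().rstrip("="),
    }


# Constructed sample key: bytes 0..31, not a real host key.
SAMPLE = make_pubkey_line(bytes(range(32)))

if __name__ == "__main__":
    for name, fp in fingerprints(SAMPLE).items():
        print(name, fp)
```

Both values are hashes of the same decoded key blob, so the type check in key_blob() guards against fingerprinting a line whose declared type and contents disagree.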