[Bug 2332] Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Jan 8 21:31:09 AEDT 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2332
--- Comment #3 from Petr Lautrbach <plautrba at redhat.com> ---
You can put "FingerprintHash=md5" into your ssh config files
(/etc/ssh/ssh_config, ~/.ssh/config) or use '-o FingerprintHash=md5'
directly on the command line.
$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is
SHA256:WvwqGxIhzB8L7L3/V9v9cI4IZ+IxTtAGo2FXFRfpPSQ.
$ ssh -o FingerprintHash=md5 localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is
MD5:da:24:43:0b:2e:c1:3f:a1:84:13:92:01:52:b4:84:ff.
...
$ ssh -o FingerprintHash=sha512 localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is
SHA512:lbvPnoYkOXD0yOv7C1iLFjrlPz0sg5ImLzT7ffZTte4iJ7MmZtHjBTRm9EimMAYKNGgB5XEHDs8gnCPnJCf5dQ.
But there seems to be a bug that you can't overwrite FingerprintHash
option on the command line when it's set in a config file.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list