[Bug 2821] New: ssh-keyscan cannot generate SSHFP fingerprints

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jan 19 00:45:22 AEDT 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2821

            Bug ID: 2821
           Summary: ssh-keyscan cannot generate SSHFP fingerprints
           Product: Portable OpenSSH
           Version: 7.6p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keyscan
          Assignee: unassigned-bugs at mindrot.org
          Reporter: schwarz at rz.uni-kiel.de

It seems kind of odd that ssh-keyscan does not offer an equivalent to
ssh-keygen's -r to easily generate SSHFP fingerprints for more than one
host, without logging into each host. 
All the information needed is already fetched (i.e. the public keys) or
known (i.e. the hostname), but as is, you'd have to generate the
known_hosts output and then parse it again and hash it yourself or
create temporary files for each line, as you can't pipe into
ssh-keygen.

I realize that this mass-generation pretty much only occurs when you
initially commit to deploying SSHFP, but all the code is already there…

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list