[Bug 3322] Switch SSHFP default digest to SHA256

bugzilla-daemon at mindrot.org
Fri Jul 16 23:28:18 AEST 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3322

--- Comment #4 from Darren Tucker <dtucker at dtucker.net> ---
> I got a (possibly wrong) impression that the default value is used on creation.

Creation of the SSHFP records?  It iterates over the available digest
types in export_dns_rr():

  for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) {
      rdata_digest_type = dtype;
      if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
           &rdata_digest, &rdata_digest_len, key)) {

$ ./ssh-keygen -r fw
fw IN SSHFP 1 1 [...]
fw IN SSHFP 1 2 [...]
fw IN SSHFP 2 1 [...]
fw IN SSHFP 2 2 [...]
fw IN SSHFP 3 1 [...]
fw IN SSHFP 3 2 [...]
fw IN SSHFP 4 1 [...]
fw IN SSHFP 4 2 [...]

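The following is an added example, not part of the original message and not OpenSSH code. It derives the same per-digest SSHFP records from a public key line and reports which digest types of a published record set match that key. The function names and the sample key are hypothetical and constructed; the algorithm and digest numbers come from RFC 4255, RFC 6594 and RFC 7479.

```python
import base64
import hashlib
import struct

# SSHFP key algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
# SSHFP digest types: 1 = SHA-1, 2 = SHA-256.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}


def sshfp_records(hostname, pubkey_line, digest_types=(1, 2)):
    """Derive one SSHFP record per digest type from an OpenSSH public key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The key blob begins with a length-prefixed copy of the key type name.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    alg = 3 if key_type.startswith("ecdsa-sha2-") else KEY_ALGS[key_type]
    # The fingerprint is the digest of the whole decoded blob.
    return [f"{hostname} IN SSHFP {alg} {dt} {DIGESTS[dt](blob).hexdigest()}"
            for dt in digest_types]


def matched_digest_types(published, hostname, pubkey_line):
    """Return the digest types of published records that match the given key."""
    derived = {tuple(r.lower().split()[3:])
               for r in sshfp_records(hostname, pubkey_line)}
    fields = (tuple(p.lower().split()[3:]) for p in published)
    return sorted(int(f[1]) for f in fields if f in derived)


def constructed_ed25519_line():
    """Constructed sample: 32 fixed bytes in place of a real host public key."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


if __name__ == "__main__":
    line = constructed_ed25519_line()
    records = sshfp_records("fw", line)
    print("\n".join(records))
    # A zone that still publishes only the SHA-1 record for this key:
    print(matched_digest_types(records[:1], "fw", line))
```

A result of [1] alone identifies a host whose zone carries only the SHA-1 fingerprint for that key, which is the case to find and republish before relying on SHA-256 records.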