Key fingerprint feature request

Jarno Huuskonen jhuuskon at messi.uku.fi
Tue Jan 16 04:03:39 EST 2001 

On Fri, Jan 12, Markus Friedl wrote:
> i think it would be nice if the commercial ssh could print 
> out the  host keys fingerprint in same format as OpenSSH :)

I'm not very optimistic that commercial ssh is going to change to 
md5/hex fingerprint :)

> > >From what I can see it wouldn't be too much work to add new fingerprint
> > method to key.c:key_fingerprint ... Perhaps the fingerprint style could
> > be configurable with ssh_config options ?
> 
> well, ssh-keygen does not read ssh_config (and should not).
> but, yes, perhaps key_fingerprint should get some more options
> (like hash type, output format). on the other hand, this could
> confuse people.

When I was thinking about the ssh_config option for fingerprint style
I had in mind that ssh would use the ssh_config option when displaying
the fingerprint (when connecting to new hosts).

Would something like this work:
- modify key.c:key_fingerprint to take hash_type and fingerprint style
  parameters (hash is md5 / sha1  and fingerprint is 'bubble' / hex).
  ( or just one parameter with both parameters combined?)

- add KeyFingerprintStyle option to ssh_config (this could have values
  like md5-hex, sha1-hex, sha1-bubble etc).
  (Perhaps even multiple values so it would be possible to get the 
   key-fingerprint printed in openssh / commercial ssh style at the same
   time).

- change ssh-keygen.c and ssh-add.c to use the new parameters
  for key_fingerprint (use md5/hex as default and perhaps have something
  like -o parameter)

- change sshconnect.c to use the new parameters and to use the ssh_config 
  option.

(- and modify the manuals to reflect these changes).
All the default values would make OpenSSH to act like before, but add the
possibility to print key fingerprint commercial ssh-style.
 
If these ideas sound somewhat feasible I might volunteer to start coding...

-Jarno

-- 
Jarno Huuskonen - System Administrator   |  Jarno.Huuskonen at uku.fi
University of Kuopio - Computer Centre   |  Work:   +358 17 162822
PO BOX 1627, 70211 Kuopio, Finland       |  Mobile: +358 40 5388169

More information about the openssh-unix-dev mailing list