Key fingerprint feature request

Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Tue Jan 16 04:17:40 EST 2001


the option for choosing the fingerprint hash is very easy.                
just change the line
	EVP_MD *md = EVP_md5();
in key.c

i have no idea about bubble, but start coding.

On Mon, Jan 15, 2001 at 07:03:39PM +0200, Jarno Huuskonen wrote:
> On Fri, Jan 12, Markus Friedl wrote:
> > i think it would be nice if the commercial ssh could print
> > out the host key's fingerprint in the same format as OpenSSH :)
> 
> I'm not very optimistic that commercial ssh is going to change to 
> md5/hex fingerprint :)
> 
> > > > From what I can see it wouldn't be too much work to add new fingerprint
> > > method to key.c:key_fingerprint ... Perhaps the fingerprint style could
> > > be configurable with ssh_config options ?
> > 
> > well, ssh-keygen does not read ssh_config (and should not).
> > but, yes, perhaps key_fingerprint should get some more options
> > (like hash type, output format). on the other hand, this could
> > confuse people.
> 
> When I was thinking about the ssh_config option for fingerprint style
> I had in mind that ssh would use the ssh_config option when displaying
> the fingerprint (when connecting to new hosts).
> 
> Would something like this work:
> - modify key.c:key_fingerprint to take hash_type and fingerprint style
>   parameters (hash is md5 / sha1  and fingerprint is 'bubble' / hex).
>   ( or just one parameter with both parameters combined?)
> 
> - add KeyFingerprintStyle option to ssh_config (this could have values
>   like md5-hex, sha1-hex, sha1-bubble etc).
>   (Perhaps even multiple values so it would be possible to get the 
>    key-fingerprint printed in openssh / commercial ssh style at the same
>    time).
> 
> - change ssh-keygen.c and ssh-add.c to use the new parameters
>   for key_fingerprint (use md5/hex as default and perhaps have something
>   like -o parameter)
> 
> - change sshconnect.c to use the new parameters and to use the ssh_config 
>   option.
> 
> (- and modify the manuals to reflect these changes).
> All the default values would make OpenSSH act like before, but add the
> possibility to print key fingerprint commercial ssh-style.
>  
> If these ideas sound somewhat feasible I might volunteer to start coding...
> 
> -Jarno
> 
> -- 
> Jarno Huuskonen - System Administrator   |  Jarno.Huuskonen at uku.fi
> University of Kuopio - Computer Centre   |  Work:   +358 17 162822
> PO BOX 1627, 70211 Kuopio, Finland       |  Mobile: +358 40 5388169
> 
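
As an added example (not part of this message and not OpenSSH code), the Python below implements the selectable hash type and output format discussed in the thread, using the md5-hex / sha1-hex / sha1-bubble style names from the quoted proposal. The function names and the sample blob are assumptions made for illustration; the "bubble" format is the Bubble Babble encoding applied to the raw digest.

```python
import hashlib

VOWELS = "aeiouy"
CONSONANTS = "bcdfghklmnprstvzx"
HASHES = ("md5", "sha1")      # hash types named in the thread
FORMATS = ("hex", "bubble")   # output formats named in the thread


def bubblebabble(data: bytes) -> str:
    """Encode bytes as Bubble Babble: pronounceable, with a running checksum."""
    out, seed = ["x"], 1
    rounds = len(data) // 2 + 1
    for i in range(rounds):
        if i + 1 < rounds or len(data) % 2:
            b0 = data[2 * i]
            out.append(VOWELS[((b0 >> 6) + seed) % 6])
            out.append(CONSONANTS[(b0 >> 2) & 15])
            out.append(VOWELS[((b0 & 3) + seed // 6) % 6])
            if i + 1 < rounds:
                b1 = data[2 * i + 1]
                out.append(CONSONANTS[b1 >> 4] + "-" + CONSONANTS[b1 & 15])
                seed = (seed * 5 + b0 * 7 + b1) % 36
        else:
            # Even-length input: the last group carries only the checksum seed.
            out.append(VOWELS[seed % 6] + "x" + VOWELS[seed // 6])
    return "".join(out) + "x"


def fingerprint(blob: bytes, style: str = "md5-hex") -> str:
    """Hash blob and render it; style is '<hash>-<format>' (hypothetical API)."""
    hash_name, _, fmt = style.partition("-")
    if hash_name not in HASHES or fmt not in FORMATS:
        raise ValueError(f"unsupported fingerprint style: {style!r}")
    digest = hashlib.new(hash_name, blob).digest()
    if fmt == "hex":
        # Colon-separated lowercase hex, one group per digest byte.
        return ":".join(f"{b:02x}" for b in digest)
    return bubblebabble(digest)


if __name__ == "__main__":
    # Constructed sample input, not a real host key.
    sample = b"constructed sample key blob, not a real host key"
    for style in ("md5-hex", "sha1-hex", "sha1-bubble"):
        print(f"{style:12} {fingerprint(sample, style)}")
```

Keeping md5-hex as the default argument mirrors the proposal's requirement that existing output stays unchanged unless another style is requested.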





More information about the openssh-unix-dev mailing list