ssh: case insensitive fingerprint validation
Patrik Lundin
patrik at sigterm.se
Wed Sep 9 07:16:55 AEST 2020
Hello!
I noticed the ssh client now allows you to paste a fingerprint at the
host key verification question which I thought was pretty cool and a
welcome feature.
When testing it out I discovered it did not care about the case of the
entered hash, and looking at sshconnect.c I see strcasecmp() is
used which explains why.
I'm just curious if this was a deliberate decision or if it would make
sense to actually care about the case since the base64 encoded sha256
fingerprints contains a mix of upper and lower case characters.
Regards,
Patrik Lundin
More information about the openssh-unix-dev
mailing list