ssh: case insensitive fingerprint validation

Damien Miller djm at
Thu Sep 10 07:58:16 AEST 2020

On Tue, 8 Sep 2020, Patrik Lundin wrote:

> Hello!
> I noticed the ssh client now allows you to paste a fingerprint at the
> host key verification question which I thought was pretty cool and a
> welcome feature.
> When testing it out I discovered it did not care about the case of the
> entered hash, and looking at sshconnect.c I see strcasecmp() is
> used which explains why.
> I'm just curious if this was a deliberate decision or if it would make
> sense to actually care about the case since the base64 encoded sha256
> fingerprints contains a mix of upper and lower case characters.

Yes, it should be case sensitive. I have committed a fix that will
be in OpenSSH 8.4.


More information about the openssh-unix-dev mailing list